CVE-2021-32984
📋 TL;DR
This vulnerability in Automation Direct CLICK PLC CPU Modules allows unauthorized attackers to read PLC projects when an authorized user has unlocked the device. It affects C0-1x CPUs with firmware prior to v3.00, enabling privilege escalation through programming connections.
💻 Affected Systems
- Automation Direct CLICK PLC CPU Modules C0-1x CPUs
📦 What is this software?
- C0 10are D Firmware by Automationdirect
- C0 10dd1e D Firmware by Automationdirect
- C0 10dd2e D Firmware by Automationdirect
- C0 10dre D Firmware by Automationdirect
- C0 11are D Firmware by Automationdirect
- C0 11dd1e D Firmware by Automationdirect
- C0 11dd2e D Firmware by Automationdirect
- C0 11dre D Firmware by Automationdirect
- C0 12are 1 D Firmware by Automationdirect
- C0 12are 2 D Firmware by Automationdirect
- C0 12are D Firmware by Automationdirect
- C0 12dd1e 1 D Firmware by Automationdirect
- C0 12dd1e 2 D Firmware by Automationdirect
- C0 12dd1e D Firmware by Automationdirect
- C0 12dd2e 1 D Firmware by Automationdirect
- C0 12dd2e 2 D Firmware by Automationdirect
- C0 12dd2e D Firmware by Automationdirect
- C0 12dre 1 D Firmware by Automationdirect
- C0 12dre 2 D Firmware by Automationdirect
- C0 12dre D Firmware by Automationdirect
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of industrial control system logic, allowing attackers to steal proprietary automation programs, modify control logic, or disrupt manufacturing processes.
Likely Case
Unauthorized access to PLC project files containing proprietary automation logic, potentially enabling intellectual property theft or reconnaissance for future attacks.
If Mitigated
Limited impact with proper network segmentation and access controls, though the vulnerability still exists in the firmware.
🎯 Exploit Status
Exploitation requires network access to the PLC and must be timed to coincide with an authorized user having unlocked it.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v3.00
Vendor Advisory: https://www.automationdirect.com/support/security-advisories
Restart Required: Yes
Instructions:
1. Download firmware v3.00 from Automation Direct website.
2. Backup current PLC project.
3. Upload new firmware using programming software.
4. Restart PLC.
5. Verify firmware version.
🔧 Temporary Workarounds
Network Segmentation
Isolate PLCs on separate network segments with strict firewall rules
Access Control
Implement strict access controls and monitoring for PLC programming connections
🧯 If You Can't Patch
- Implement strict network segmentation to isolate PLCs from untrusted networks
- Monitor PLC programming connections and implement alerting for unauthorized access attempts
🔍 How to Verify
Check if Vulnerable:
Check PLC firmware version through programming software. If version is below 3.00, the system is vulnerable.
Check Version:
Use Automation Direct CLICK programming software to read PLC firmware version
Verify Fix Applied:
Verify firmware version shows v3.00 or higher in programming software.
📡 Detection & Monitoring
Log Indicators:
- Unauthorized programming connection attempts
- Multiple failed authentication attempts to PLC
Network Indicators:
- Unexpected connections to PLC programming ports (typically 20256/TCP)
- Traffic patterns indicating project file transfers
SIEM Query:
source_ip NOT IN (authorized_ips) AND dest_port=20256 AND protocol=TCP
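
The SIEM condition above can be run offline against exported flow records. The following is an added example, not vendor or advisory code: it flags programming-port connections from non-allowlisted sources and raises the severity when such a connection overlaps an authorized session to the same PLC, which is the window this CVE depends on. The record format, IP addresses, allowlist and severity labels are assumptions made for illustration.

```python
from datetime import datetime
from ipaddress import ip_address

PROG_PORT = 20256  # programming port as stated on this page
# Assumed allowlist of engineering workstations (constructed value)
AUTHORIZED = {ip_address("10.20.0.5")}

# Constructed flow records: start,end,src,dst,dport,proto
SAMPLE_FLOWS = """\
2021-07-01T08:00:00,2021-07-01T08:30:00,10.20.0.5,10.20.1.10,20256,TCP
2021-07-01T08:10:00,2021-07-01T08:12:00,10.20.3.77,10.20.1.10,20256,TCP
2021-07-01T09:00:00,2021-07-01T09:01:00,10.20.3.77,10.20.1.11,20256,TCP
2021-07-01T09:05:00,2021-07-01T09:06:00,10.20.3.77,10.20.1.10,502,TCP
"""

def parse(text):
    """Parse CSV flow lines into dicts with typed fields."""
    flows = []
    for line in text.strip().splitlines():
        start, end, src, dst, dport, proto = line.split(",")
        flows.append({
            "start": datetime.fromisoformat(start),
            "end": datetime.fromisoformat(end),
            "src": ip_address(src),
            "dst": ip_address(dst),
            "dport": int(dport),
            "proto": proto.upper(),
        })
    return flows

def detect(flows):
    """Return (src, dst, severity) for each unauthorized programming connection."""
    prog = [f for f in flows if f["dport"] == PROG_PORT and f["proto"] == "TCP"]
    trusted = [f for f in prog if f["src"] in AUTHORIZED]
    alerts = []
    for f in prog:
        if f["src"] in AUTHORIZED:
            continue
        # Overlap with an authorized session to the same PLC means the
        # device may have been unlocked while this source was connected.
        overlap = any(
            t["dst"] == f["dst"] and t["start"] <= f["end"] and f["start"] <= t["end"]
            for t in trusted
        )
        alerts.append((str(f["src"]), str(f["dst"]), "high" if overlap else "medium"))
    return alerts

if __name__ == "__main__":
    for alert in detect(parse(SAMPLE_FLOWS)):
        print(alert)
```
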