CVE-2025-54855
📋 TL;DR
Click Programming Software v3.60 stores credentials in cleartext, allowing local users with file system access to steal them during active administrator sessions. This affects organizations using this industrial control system programming software for automation equipment.
💻 Affected Systems
- Click Programming Software
⚠️ Manual Verification Required
This CVE has no affected-version range recorded in our database, so automatic vulnerability detection cannot determine whether your system is affected.
Why? The description names v3.60, but the CVE entry (vendor/NVD) provides no machine-readable version range, so the check has to be made by hand against the version shown in Help > About.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain administrative access to industrial control systems, potentially disrupting operations or causing physical damage to equipment.
Likely Case
Local users or malware with file access steal credentials to escalate privileges within the Click programming environment.
If Mitigated
Limited credential exposure with no lateral movement due to proper access controls and monitoring.
🎯 Exploit Status
Requires local access and timing with active admin sessions; not trivial but achievable by insiders or malware.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after v3.60 (check vendor advisory)
Vendor Advisory: https://www.automationdirect.com/support/software-downloads
Restart Required: No
Instructions:
1. Download the latest version from the AutomationDirect support site.
2. Install the update over the existing installation.
3. Confirm the new version under Help > About, then repeat the cleartext check during an active administrator session to confirm credentials are no longer stored in cleartext (see How to Verify).
🔧 Temporary Workarounds
Restrict File System Access
Platform: Windows. Limit NTFS permissions on the Click Programming Software installation and project/configuration directories to the administrators and engineers who need them; in particular, remove the read access that BUILTIN\Users normally inherits under Program Files and ProgramData.
Use Windows ACLs (icacls or Set-Acl) to restrict access to the Click installation and data directories
Session Management
Platform: all. Because the exposure is tied to an active administrator session, close the project and exit the software when it is not actively in use rather than leaving an administrator session open on a shared workstation.
Implement automatic session timeouts in Click software if available
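The ACL restriction above, as an added example (this is not AutomationDirect's code and not a script from the advisory). It strips inherited permissions from the Click directories and grants only SYSTEM, local Administrators and a named engineering group, with read/execute on the install directory and modify on the project/config directory. The two paths and the group name are assumptions; substitute the directories from your own installation and run from an elevated prompt.

```powershell
# Added example, not code from AutomationDirect or from this advisory: tighten
# NTFS permissions on the Click Programming Software directories so that only
# SYSTEM, local Administrators and one engineering group can read the files.
# ASSUMPTIONS: both paths and the group name are placeholders.
$ClickDirs = @{
    'C:\Program Files (x86)\AutomationDirect\CLICK' = 'ReadAndExecute'   # assumed install dir: run, not modify
    'C:\ProgramData\AutomationDirect\CLICK'         = 'Modify'           # assumed project/config dir: engineers write here
}
$EngineerGroup = 'CORP\CLICK-Engineers'   # assumed domain group

function Set-ClickDirectoryAcl {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$AllowedGroup,
        [Parameter(Mandatory)][string]$GroupRights   # FileSystemRights name, e.g. Modify
    )
    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Skipping missing path: $Path"
        return
    }
    $acl = Get-Acl -LiteralPath $Path
    # Stop inheriting from the parent (this is where BUILTIN\Users read access
    # comes from) and discard the inherited entries instead of copying them.
    $acl.SetAccessRuleProtection($true, $false)
    # Drop any explicit rules already present so the result is deterministic.
    foreach ($rule in @($acl.Access)) {
        if (-not $rule.IsInherited) { [void]$acl.RemoveAccessRule($rule) }
    }
    $inherit = 'ContainerInherit, ObjectInherit'   # apply to subfolders and files
    $rules = @(
        New-Object System.Security.AccessControl.FileSystemAccessRule('NT AUTHORITY\SYSTEM',     'FullControl', $inherit, 'None', 'Allow'),
        New-Object System.Security.AccessControl.FileSystemAccessRule('BUILTIN\Administrators',  'FullControl', $inherit, 'None', 'Allow'),
        New-Object System.Security.AccessControl.FileSystemAccessRule($AllowedGroup,             $GroupRights,  $inherit, 'None', 'Allow')
    )
    foreach ($r in $rules) { $acl.AddAccessRule($r) }
    Set-Acl -LiteralPath $Path -AclObject $acl
}

foreach ($dir in $ClickDirs.Keys) {
    Set-ClickDirectoryAcl -Path $dir -AllowedGroup $EngineerGroup -GroupRights $ClickDirs[$dir]
}

# Check the result: nobody outside the three principals above should be listed.
foreach ($dir in $ClickDirs.Keys) {
    if (Test-Path -LiteralPath $dir) {
        "== $dir"
        (Get-Acl -LiteralPath $dir).Access |
            Select-Object IdentityReference, FileSystemRights, IsInherited |
            Format-Table -AutoSize
    }
}
```

The check at the end is the important part: if an identity such as BUILTIN\Users or Everyone still appears, inheritance was not broken and the workaround is not in place. If Click also writes per-user files under AppData or Temp, those locations are already private to each user profile, but the scan under How to Verify will show whether any shared location is involved.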
🧯 If You Can't Patch
- Implement strict access controls to limit who can access Click programming workstations
- Monitor file access to Click configuration directories for unauthorized access attempts
🔍 How to Verify
Check if Vulnerable:
Open Help > About in Click Programming Software. Version v3.60, or any version the vendor advisory does not list as fixed, should be treated as affected; confirm by checking whether a known test credential appears in cleartext in the software's files during an active administrator session.
Verify Fix Applied:
After installing the updated version, confirm Help > About shows the new version, then repeat the cleartext check during an active administrator session and confirm the credential no longer appears in cleartext in the software's files.
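The cleartext check referred to above, as an added example that is not AutomationDirect code and not a script from the advisory. The idea is to set a unique test password in a Click project while the software is open, then search the software's directories for that exact string in both UTF-8 and UTF-16LE byte form, the two encodings a Windows application is most likely to write. The search roots and the test secret are placeholders; point the roots at wherever your installation keeps its project, configuration and temporary files.

```powershell
# Added example; not AutomationDirect code and not from the advisory.
# Heuristic cleartext check: search files under the given roots for the raw
# bytes of a known test secret, in UTF-8 and UTF-16LE.
# ASSUMPTIONS: the search roots and the test secret below are placeholders.

# Latin1 maps every byte to one char, so a string IndexOf becomes a byte search
# without a hand-written loop. Code page 28591 exists in both Windows
# PowerShell 5.1 and PowerShell 7.
$Latin1 = [System.Text.Encoding]::GetEncoding(28591)

function Find-CleartextSecret {
    param(
        [Parameter(Mandatory)][string[]]$SearchRoot,
        [Parameter(Mandatory)][string]$Secret,
        [int64]$MaxFileBytes = 50MB          # skip very large files; raise if projects are bigger
    )
    # Needle strings whose chars equal the raw bytes of each encoding.
    $needles = @{
        'utf8'    = $Latin1.GetString([System.Text.Encoding]::UTF8.GetBytes($Secret))
        'utf16le' = $Latin1.GetString([System.Text.Encoding]::Unicode.GetBytes($Secret))
    }
    foreach ($root in $SearchRoot) {
        if (-not (Test-Path -LiteralPath $root)) { Write-Verbose "Missing: $root"; continue }
        Get-ChildItem -LiteralPath $root -Recurse -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Length -gt 0 -and $_.Length -le $MaxFileBytes } |
            ForEach-Object {
                $file = $_
                try { $hay = $Latin1.GetString([System.IO.File]::ReadAllBytes($file.FullName)) }
                catch {
                    # A file held open exclusively by the running editor cannot be read
                    # here; report it so it is not silently missed.
                    Write-Warning "Could not read $($file.FullName): $($_.Exception.Message)"
                    return
                }
                foreach ($enc in $needles.Keys) {
                    $idx = $hay.IndexOf($needles[$enc], [System.StringComparison]::Ordinal)
                    if ($idx -ge 0) {
                        [pscustomobject]@{
                            Path     = $file.FullName
                            Encoding = $enc
                            Offset   = $idx
                            Modified = $file.LastWriteTime
                        }
                    }
                }
            }
    }
}

# Assumed locations: shared data, the current user's profile and Temp. Add any
# other folder the software is observed writing to.
$Roots = @(
    'C:\ProgramData\AutomationDirect',
    "$env:LOCALAPPDATA\AutomationDirect",
    "$env:APPDATA\AutomationDirect",
    $env:TEMP
)
# Use a secret that cannot occur by chance, then set it in the open project
# before running the scan (while the administrator session is still active).
Find-CleartextSecret -SearchRoot $Roots -Secret 'Zq7!cleartext-probe-2025' | Format-Table -AutoSize
```

A hit confirms cleartext storage and tells you which file to protect and monitor. No hit does not prove the build is safe: the credential may be held only in the running process's memory or written somewhere outside the roots searched, so run the scan while the session is active, include every directory the software writes to, and repeat the same scan on the updated version to confirm the fix.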
📡 Detection & Monitoring
Log Indicators:
- Reads of Click project or configuration files by an account or process other than Click Programming Software and the engineers expected to use it (Windows Security event 4663; this event is only written when object-access auditing is enabled and the directory carries an audit entry in its SACL)
- Successful use of Click or controller credentials from an account, workstation or time window that does not normally use them
Network Indicators:
- Unusual network connections from Click programming workstations, or connections to the controllers from hosts other than the expected programming workstations
SIEM Query:
EventID=4663 AND ObjectName LIKE '%Click%' AND (AccessMask & 0x1) != 0
The query returns nothing unless the File System object-access audit subcategory is enabled and the Click directories carry a SACL entry. An exact match on AccessMask=0x1 misses reads whose mask combines ReadData with other rights, so test the 0x1 bit where the SIEM supports bitwise operators, and exclude the Click process itself to reduce noise.
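The same detection built end to end on the workstation, as an added example that is neither the page's SIEM query nor vendor code: it enables the audit subcategory, adds a read-audit SACL entry on the Click data directory, and then pulls the 4663 events for reads under that path while excluding the editor's own reads. The directory path and the editor's executable name are assumptions; run from an elevated prompt.

```powershell
# Added example; not the page's SIEM query and not vendor code. Event 4663
# ("An attempt was made to access an object") is written only when the
# Object Access > File System audit subcategory is on AND the directory has a
# SACL entry for the access, so both are set up before querying.
# ASSUMPTIONS: the path and the expected process name are placeholders.
$ClickDataPath   = 'C:\ProgramData\AutomationDirect\CLICK'   # assumed project/config dir
$ExpectedProcess = @('CLICK.exe')                            # assumed editor executable name

# 1. Machine-wide audit policy for the File System subcategory.
auditpol /set /subcategory:"File System" /success:enable /failure:enable | Out-Null

# 2. SACL: audit every ReadData on files below the directory, for any principal.
function Enable-ReadAudit {
    param([Parameter(Mandatory)][string]$Path)
    $acl  = Get-Acl -LiteralPath $Path -Audit
    $rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
        'Everyone', 'ReadData', 'ContainerInherit, ObjectInherit', 'None', 'Success, Failure')
    $acl.AddAuditRule($rule)
    Set-Acl -LiteralPath $Path -AclObject $acl
}
Enable-ReadAudit -Path $ClickDataPath

# 3. Triage query: 4663 under the path with the ReadData bit (0x1) set in the
#    access mask, excluding processes whose reads are expected.
function Get-ClickFileReads {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string[]]$ExcludeProcess = @(),
        [int]$LookbackHours = 24
    )
    $filter = @{ LogName = 'Security'; Id = 4663; StartTime = (Get-Date).AddHours(-$LookbackHours) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $ev = $_
        $x  = [xml]$ev.ToXml()
        $d  = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        if (-not $d['ObjectName'] -or -not $d['AccessMask']) { return }
        # AccessMask is a hex string such as 0x1 or 0x20089: test the ReadData
        # bit rather than comparing for equality.
        $mask      = [Convert]::ToInt64($d['AccessMask'], 16)
        $underPath = $d['ObjectName'].StartsWith($Path, [System.StringComparison]::OrdinalIgnoreCase)
        $proc      = if ($d['ProcessName']) { Split-Path -Leaf $d['ProcessName'] } else { '' }
        if ($underPath -and (($mask -band 0x1) -ne 0) -and ($ExcludeProcess -notcontains $proc)) {
            [pscustomobject]@{
                Time    = $ev.TimeCreated
                User    = "$($d['SubjectDomainName'])\$($d['SubjectUserName'])"
                Process = $d['ProcessName']
                Object  = $d['ObjectName']
                Mask    = ('0x{0:x}' -f $mask)
            }
        }
    }
}

Get-ClickFileReads -Path $ClickDataPath -ExcludeProcess $ExpectedProcess | Format-Table -AutoSize
```

Scope the SACL to the project/config directory rather than the whole installation tree: one 4663 per file read is noisy, and the value of the event is that it names the reading user and process, which is exactly what separates the editor's own activity from another local user or malware reading the same files during an administrator session. Forward the filtered results to the SIEM rather than the raw 4663 stream.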