CVE-2025-58473
📋 TL;DR
An unauthenticated attacker can cause denial-of-service on Click Plus C2-03CPU-2 devices by exhausting all available programming software sessions through improper resource handling. This affects industrial control systems using these programmable logic controllers with vulnerable firmware. The vulnerability requires network access to the device's programming interface.
💻 Affected Systems
- Click Plus C2-03CPU-2 Programmable Logic Controller
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete loss of programming capability, preventing configuration changes, troubleshooting, or updates to the PLC, potentially disrupting industrial processes that require real-time adjustments.
Likely Case
Temporary inability to connect programming software to the device, requiring manual intervention to clear sessions or restart services, causing operational delays.
If Mitigated
Limited impact with proper network segmentation and access controls, where only authorized engineering stations can reach the programming interface.
🎯 Exploit Status
The vulnerability allows unauthenticated exploitation via network requests to the programming interface. No authentication or special privileges required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for updated firmware
Vendor Advisory: https://www.automationdirect.com/support/software-downloads
Restart Required: Yes
Instructions:
1. Download updated firmware from AutomationDirect support site. 2. Connect programming software to PLC. 3. Upload new firmware using programming software. 4. Restart PLC to apply changes.
🔧 Temporary Workarounds
Network Segmentation
allRestrict access to PLC programming port (typically port 20256/TCP) to authorized engineering stations only using firewalls or network ACLs.
Access Control Lists
allImplement IP-based restrictions on the programming interface to allow only trusted engineering workstations.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate PLC programming interfaces from untrusted networks
- Monitor for unusual connection attempts to PLC programming ports and implement rate limiting if supported
🔍 How to Verify
Check if Vulnerable:
Check firmware version on Click Plus C2-03CPU-2 device via programming software. If version is 3.60, device is vulnerable.Check Version:
Use Click Programming Software to connect to PLC and check firmware version in device properties.Verify Fix Applied:
After firmware update, verify version is no longer 3.60 via programming software interface.📡 Detection & Monitoring
Log Indicators:
- Multiple failed connection attempts to programming port
- Unusual number of simultaneous sessions to PLC programming interface
Network Indicators:
- High volume of TCP connections to port 20256 from single source
- Rapid session establishment/teardown patterns
SIEM Query:
source_ip="*" AND dest_port=20256 AND event_count>10 WITHIN 60s