Unrated severityNVD Advisory· Published Apr 4, 2022· Updated Apr 16, 2025

Automation Direct CLICK PLC CPU Modules Authentication Bypass Using an Alternate Path or Channel

CVE-2021-32986

Description

After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not timeout. If the programming software is interrupted, the PLC remains unlocked. All subsequent programming connections are allowed without authorization. The PLC is only relocked by a power cycle, or when the programming software disconnects correctly.

Affected products

Automationdirect/CLICK PLC CPU Modulesllm-create2 versions
<3.00+ 1 more
- (no CPE)range: <3.00
- (no CPE)range: unspecified

Patches

Vulnerability mechanics

References

www.cisa.gov/uscert/ics/advisories/icsa-21-166-02mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000