AutomationDirect

All CVEs

48 total · sorted by risk
  • CVE-2025-61934 · Critical · Oct 23, 2025
    risk 0.65 · cvss 10.0 · epss 0.01

    A binding to an unrestricted IP address vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read, write, or delete arbitrary files…

  • CVE-2025-36535 · Critical · May 21, 2025
    risk 0.65 · cvss 10.0 · epss 0.01

    The embedded web server lacks authentication and access controls, allowing unrestricted remote access. This could lead to configuration changes, operational disruption, or arbitrary code execution depending on the environment and exposed functionality.

  • CVE-2025-0960 · Critical · Feb 4, 2025
    risk 0.64 · cvss 9.8 · epss 0.01

    AutomationDirect C-more EA9 HMI contains a function with bounds checks that can be skipped, which could result in an attacker abusing the function to cause a denial-of-service condition or achieving remote code execution on the affected device.

  • CVE-2025-62498 · High · Oct 23, 2025
    risk 0.57 · cvss 8.8 · epss 0.01

    A relative path traversal (ZipSlip) vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an attacker who can tamper with a productivity project to execute arbitrary code on the machine where the project is opened.

  • CVE-2025-55069 · High · Sep 23, 2025
    risk 0.54 · cvss 8.3 · epss 0.00

    A predictable seed in pseudo-random number generator vulnerability has been discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software implements a predictable seed for its pseudo-random number generator, which compromises…

  • CVE-2017-14020 · High · Nov 13, 2017
    risk 0.51 · cvss 7.8 · epss 0.01

    In AutomationDirect CLICK Programming Software (Part Number C0-PGMSW) Versions 2.10 and prior; C-More Programming Software (Part Number EA9-PGMSW) Versions 6.30 and prior; C-More Micro (Part Number EA-PGMSW) Versions 4.20.01.0 and prior; Do-more Designer Software (Part Number…

  • CVE-2025-58429 · High · Oct 23, 2025
    risk 0.49 · cvss 7.5 · epss 0.01

    A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary files on the target machine.

  • CVE-2025-58078 · High · Oct 23, 2025
    risk 0.49 · cvss 7.5 · epss 0.01

    A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and write files with arbitrary data on the target…

  • CVE-2024-25136 · High · Mar 26, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    There is a function in AutomationDirect C-MORE EA9 HMI that allows an attacker to send a relative path in the URL without proper sanitizing of the content.

  • CVE-2025-62688 · High · Oct 23, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    An incorrect permission assignment for a critical resource vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an attacker with low-privileged credentials to change their role, gaining full control access to the project.

  • CVE-2025-61977 · High · Oct 23, 2025
    risk 0.46 · cvss 7.0 · epss 0.00

    A weak password recovery mechanism for forgotten password vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an attacker to decrypt an encrypted project by answering just one recovery question.

  • CVE-2025-58456 · Medium · Oct 23, 2025
    risk 0.44 · cvss 6.8 · epss 0.01

    A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read arbitrary files on the target machine.

  • CVE-2025-55038 · Medium · Sep 23, 2025
    risk 0.44 · cvss 6.8 · epss 0.00

    An authorization bypass vulnerability has been discovered in the Click Plus C2-03CPU2 device firmware version 3.60. Through the KOPR protocol utilized by the Remote PLC application, authenticated users with low-level access permissions can exploit this vulnerability to read and…

  • CVE-2024-25138 · Medium · Mar 26, 2024
    risk 0.42 · cvss 6.5 · epss 0.00

    In AutomationDirect C-MORE EA9 HMI, credentials used by the platform are stored as plain text on the device.

  • CVE-2025-57882 · Medium · Sep 23, 2025
    risk 0.38 · cvss 5.9 · epss 0.00

    An improper resource shutdown or release vulnerability has been identified in the Click Plus C2-03CPU-2 device running firmware version 3.60. The vulnerability allows an unauthenticated attacker to perform a denial-of-service attack by exhausting all available device sessions in…

  • CVE-2025-58069 · Medium · Sep 23, 2025
    risk 0.34 · cvss 5.3 · epss 0.00

    The use of a hard-coded cryptographic key was discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software contains a hard-coded AES key used to protect the initial messages of a new KOPS session.

  • CVE-2024-25137 · Medium · Mar 26, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    In AutomationDirect C-MORE EA9 HMI there is a program that copies a buffer of a size controlled by the user into a limited sized buffer on the stack which may lead to a stack overflow. The result of this stack-based buffer overflow can lead to denial-of-service conditions.

  • CVE-2025-54855 · Medium · Sep 23, 2025
    risk 0.27 · cvss 4.2 · epss 0.00

    Cleartext storage of sensitive information was discovered in Click Programming Software version v3.60. The vulnerability can be exploited by a local user with access to the file system, while an administrator session is active, to steal credentials stored in clear text.

  • CVE-2025-60023 · Medium · Oct 23, 2025
    risk 0.26 · cvss 4.0 · epss 0.00

    A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary directories on the target machine.

  • CVE-2025-59776 · Medium · Oct 23, 2025
    risk 0.26 · cvss 4.0 · epss 0.00

    A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and create arbitrary directories on the target machine.

  • CVE-2024-11611 · Jan 30, 2025
    risk 0.00 · cvss n/a · epss 0.00

    AutomationDirect C-More EA9 EAP9 File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AutomationDirect C-More EA9. User interaction is required to exploit this…

  • CVE-2024-11610 · Jan 30, 2025
    risk 0.00 · cvss n/a · epss 0.00

    AutomationDirect C-More EA9 EAP9 File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AutomationDirect C-More EA9. User interaction is required to exploit this…

  • CVE-2024-11609 · Jan 30, 2025
    risk 0.00 · cvss n/a · epss 0.00

    AutomationDirect C-More EA9 EAP9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AutomationDirect C-More EA9. User interaction is required to exploit…

  • CVE-2024-24851 · May 28, 2024
    risk 0.00 · cvss n/a · epss 0.01

    A heap-based buffer overflow vulnerability exists in the Programming Software Connection FiBurn functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to a buffer overflow. An attacker can send an unauthenticated packet to trigger this…

  • CVE-2024-24947 · May 28, 2024
    risk 0.00 · cvss n/a · epss 0.01

    A heap-based buffer overflow vulnerability exists in the Programming Software Connection CurrDir functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to denial of service. An attacker can send an unauthenticated packet to trigger these…

  • CVE-2024-24946 · May 28, 2024
    risk 0.00 · cvss n/a · epss 0.01

    A heap-based buffer overflow vulnerability exists in the Programming Software Connection CurrDir functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to denial of service. An attacker can send an unauthenticated packet to trigger these…

  • CVE-2024-24959 · May 28, 2024
    risk 0.00 · cvss n/a · epss 0.01

    Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to…

  • CVE-2024-24958 · May 28, 2024
    risk 0.00 · cvss n/a · epss 0.01

    Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to…

  • CVE-2024-24957 · May 28, 2024
    risk 0.00 · cvss n/a · epss 0.00

    Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to…

  • CVE-2024-24956 · May 28, 2024
    risk 0.00 · cvss n/a · epss 0.01

    Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to…

  • CVE-2024-24955 · May 28, 2024
    risk 0.00 · cvss n/a · epss 0.00

    Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to…

  • CVE-2024-24954 · May 28, 2024
    risk 0.00 · cvss n/a · epss 0.01

    Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to…

  • CVE-2024-24963 · May 28, 2024
    risk 0.00 · cvss n/a · epss 0.01

    A stack-based buffer overflow vulnerability exists in the Programming Software Connection FileSelect functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to stack-based buffer overflow. An attacker can send an unauthenticated packet to…

  • CVE-2024-24962 · May 28, 2024
    risk 0.00 · cvss n/a · epss 0.01

    A stack-based buffer overflow vulnerability exists in the Programming Software Connection FileSelect functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to stack-based buffer overflow. An attacker can send an unauthenticated packet to…

  • CVE-2024-22187 · May 28, 2024
    risk 0.00 · cvss n/a · epss 0.01

    A write-what-where vulnerability exists in the Programming Software Connection Remote Memory Diagnostics functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to an arbitrary write. An attacker can send an unauthenticated packet to…

  • CVE-2024-23315 · May 28, 2024
    risk 0.00 · cvss n/a · epss 0.01

    A read-what-where vulnerability exists in the Programming Software Connection IMM 01A1 Memory Read functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can send an unauthenticated…

  • CVE-2024-21785 · May 28, 2024
    risk 0.00 · cvss n/a · epss 0.02

    A leftover debug code vulnerability exists in the Telnet Diagnostic Interface functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted series of network requests can lead to unauthorized access. An attacker can send a sequence of requests to trigger this…

  • CVE-2024-23601 · May 28, 2024
    risk 0.00 · cvss n/a · epss 0.01

    A code injection vulnerability exists in the scan_lib.bin functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted scan_lib.bin can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

  • CVE-2022-2485 · Aug 31, 2022
    risk 0.00 · cvss n/a · epss 0.00

    Any attempt (good or bad) to log into AutomationDirect Stride Field I/O with a web browser may result in the device responding with its password in the communication packets.

  • CVE-2022-2004 · Aug 31, 2022
    risk 0.00 · cvss n/a · epss 0.01

    AutomationDirect DirectLOGIC is vulnerable to a specially crafted packet that can be sent continuously to the PLC to prevent access from DirectSoft and other devices, causing a denial-of-service condition. This issue affects: AutomationDirect DirectLOGIC D0-06 series CPUs D0-06DD1…

  • CVE-2022-2003 · Aug 31, 2022
    risk 0.00 · cvss n/a · epss 0.01

    AutomationDirect DirectLOGIC is vulnerable to a specifically crafted serial message to the CPU serial port that will cause the PLC to respond with the PLC password in cleartext. This could allow an attacker to access and make unauthorized changes. This issue affects:…

  • CVE-2022-2006 · Aug 31, 2022
    risk 0.00 · cvss n/a · epss 0.00

    AutomationDirect DirectLOGIC has a DLL vulnerability in the install directory that may allow an attacker to execute code during the installation process. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73; EA9-T6CL-R versions prior to 6.73; EA9-T7CL…

  • CVE-2022-2005 · Aug 31, 2022
    risk 0.00 · cvss n/a · epss 0.00

    AutomationDirect C-more EA9 HTTP webserver uses an insecure mechanism to transport credentials from client to web server, which may allow an attacker to obtain the login credentials and login as a valid user. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions…

  • CVE-2021-32982 · Apr 4, 2022
    risk 0.00 · cvss n/a · epss 0.01

    In Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00, passwords are sent as plaintext during unlocking and project transfers. An attacker who has network visibility can observe the password exchange.

  • CVE-2021-32986 · Apr 4, 2022
    risk 0.00 · cvss n/a · epss 0.01

    After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not time out. If the programming software is interrupted, the PLC remains unlocked. All subsequent programming connections are allowed…

  • CVE-2021-32984 · Apr 4, 2022
    risk 0.00 · cvss n/a · epss 0.01

    All programming connections receive the same unlocked privileges, which can result in a privilege escalation. During the time Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, an attacker can connect to the PLC…

  • CVE-2021-32978 · Apr 4, 2022
    risk 0.00 · cvss n/a · epss 0.01

    The programming protocol allows for a previously entered password and lock state to be read by an attacker. If the previously entered password was successful, the attacker can then use the password to unlock Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior…

  • CVE-2021-32980 · Apr 4, 2022
    risk 0.00 · cvss n/a · epss 0.01

    Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 do not protect against additional software programming connections. An attacker can connect to the PLC while an existing connection is already active.