CVE-2021-32978: Security Advisory and Response

Discover the impact of CVE-2021-32978 affecting Automation Direct CLICK PLC CPU Modules. Learn about the vulnerability, its implications, affected systems, and mitigation steps.

Automation Direct CLICK PLC CPU Modules are affected by a vulnerability that allows attackers to read a previously entered password. This could result in unauthorized unlocking of affected devices. Here's what you need to know about CVE-2021-32978.

Understanding CVE-2021-32978

This CVE involves the plaintext storage of a password in Automation Direct CLICK PLC CPU Modules.

What is CVE-2021-32978?

The vulnerability in the programming protocol enables attackers to read a previously entered password, potentially leading to unauthorized access to the affected devices.

The Impact of CVE-2021-32978

With a CVSS base score of 7.5, this high severity vulnerability poses a risk to the confidentiality of sensitive information stored within the CLICK PLC CPU Modules.

Technical Details of CVE-2021-32978

Here are the technical details associated with CVE-2021-32978:

Vulnerability Description

The flaw allows attackers to retrieve a previously entered password and potentially unlock affected Automation Direct CLICK PLC CPU Modules (C0-1x CPUs running firmware versions below 3.00).

Affected Systems and Versions

Automation Direct CLICK PLC CPU Modules, specifically C0-1x CPUs with firmware versions below 3.00, are impacted by this vulnerability.

Exploitation Mechanism

Attackers can exploit this vulnerability by reading previously stored passwords and leveraging them to unlock the affected devices.

Mitigation and Prevention

To address CVE-2021-32978, consider the following mitigation strategies:

Immediate Steps to Take

Update the software and firmware of the affected devices to Version 3.00.
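To find which devices still need that update, the following added example (not from the advisory or from Automation Direct) audits an asset inventory for C0-1x CPUs with firmware below 3.00. The CSV layout, asset names, part numbers and version strings are constructed assumptions.

```python
import csv
import io
import re

FIXED = (3, 0)            # advisory: firmware below 3.00 is affected
AFFECTED_PREFIX = "C0-1"  # advisory: C0-1x CPU modules

# Constructed sample inventory; asset names, part numbers and versions are illustrative.
SAMPLE_INVENTORY = """asset,model,firmware
line1-plc,C0-11DD1E-D,2.60
line2-plc,C0-12DD1E-D,3.00
pump-plc,C0-10DD1E-D,v2.9
lab-plc,C0-11DRE-D,
packer-plc,C0-02DD1-D,2.10
"""


def parse_version(text):
    """Return (major, minor), or None when the field is empty or malformed."""
    m = re.fullmatch(r"\s*[vV]?(\d+)\.(\d+)(?:\.\d+)*\s*", text or "")
    return (int(m.group(1)), int(m.group(2))) if m else None


def classify(row):
    """Classify one inventory row against the advisory's affected range."""
    if not row["model"].strip().upper().startswith(AFFECTED_PREFIX):
        return "not-in-scope"
    version = parse_version(row["firmware"])
    if version is None:
        # Exposure cannot be ruled out; confirm the version on the device.
        return "unknown-firmware"
    return "vulnerable" if version < FIXED else "patched"


def audit(inventory_csv):
    """Map each asset name to its status for CVE-2021-32978."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["asset"]: classify(row) for row in reader}


if __name__ == "__main__":
    for asset, status in audit(SAMPLE_INVENTORY).items():
        print(f"{asset:12} {status}")
```

Rows reported as unknown-firmware should be treated as unpatched until the firmware version is confirmed.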

Long-Term Security Practices

Follow Automation Direct's security guidelines to enhance the overall security posture.

Patching and Updates

Automation Direct recommends that users update their software and firmware to the latest versions to mitigate the vulnerability.
