{"containers": {"cna": {"affected": [{"product": "CLICK PLC CPU Modules: C0-1x CPUs", "vendor": "Automation Direct", "versions": [{"lessThan": "3.00", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Irfan Ahmed and Adeen Ayub of Virginia Commonwealth University and Hyunguk Yoo of the University of New Orleans reported these vulnerabilities to Automation Direct."}], "descriptions": [{"lang": "en", "value": "After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not timeout. If the programming software is interrupted, the PLC remains unlocked. All subsequent programming connections are allowed without authorization. The PLC is only relocked by a power cycle, or when the programming software disconnects correctly."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-288", "description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-04-04T19:45:56.000Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02"}], "solutions": [{"lang": "en", "value": "Automation Direct reports these vulnerabilities are all mitigated by Version 3.00 and recommends users update software and firmware to the latest version.\n\nAutomation Direct also recommends users follow its security guidelines."}], "source": {"advisory": "ICSA-21-166-02", "discovery": "EXTERNAL"}, "title": "Automation Direct CLICK PLC CPU Modules Authentication Bypass Using an Alternate Path or Channel", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-32986", "STATE": "PUBLIC", "TITLE": "Automation Direct CLICK PLC CPU Modules Authentication Bypass Using an Alternate Path or Channel"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "CLICK PLC CPU Modules: C0-1x CPUs", "version": {"version_data": [{"version_affected": "<", "version_value": "3.00"}]}}]}, "vendor_name": "Automation Direct"}]}}, "credit": [{"lang": "eng", "value": "Irfan Ahmed and Adeen Ayub of Virginia Commonwealth University and Hyunguk Yoo of the University of New Orleans reported these vulnerabilities to Automation Direct."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not timeout. If the programming software is interrupted, the PLC remains unlocked. All subsequent programming connections are allowed without authorization. The PLC is only relocked by a power cycle, or when the programming software disconnects correctly."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-288: Authentication Bypass Using an Alternate Path or Channel"}]}]}, "references": {"reference_data": [{"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02", "refsource": "CONFIRM", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02"}]}, "solution": [{"lang": "en", "value": "Automation Direct reports these vulnerabilities are all mitigated by Version 3.00 and recommends users update software and firmware to the latest version.\n\nAutomation Direct also recommends users follow its security guidelines."}], "source": {"advisory": "ICSA-21-166-02", "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T23:42:19.029Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-16T15:56:15.348434Z", "id": "CVE-2021-32986", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-16T16:31:33.851Z"}}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-32986", "datePublished": "2022-04-04T19:45:56.000Z", "dateReserved": "2021-05-13T00:00:00.000Z", "dateUpdated": "2025-04-16T16:31:33.851Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02", "tags": ["x_refsource_CONFIRM", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T23:42:19.029Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-32986", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-16T15:56:15.348434Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-16T15:56:17.331Z"}}], "cna": {"title": "Automation Direct CLICK PLC CPU Modules Authentication Bypass Using an Alternate Path or Channel", "source": {"advisory": "ICSA-21-166-02", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "value": "Irfan Ahmed and Adeen Ayub of Virginia Commonwealth University and Hyunguk Yoo of the University of New Orleans reported these vulnerabilities to Automation Direct."}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Automation Direct", "product": "CLICK PLC CPU Modules: C0-1x CPUs", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "3.00", "versionType": "custom"}]}], "solutions": [{"lang": "en", "value": "Automation Direct reports these vulnerabilities are all mitigated by Version 3.00 and recommends users update software and firmware to the latest version.\n\nAutomation Direct also recommends users follow its security guidelines."}], "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02", "tags": ["x_refsource_CONFIRM"]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "descriptions": [{"lang": "en", "value": "After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not timeout. If the programming software is interrupted, the PLC remains unlocked. All subsequent programming connections are allowed without authorization. The PLC is only relocked by a power cycle, or when the programming software disconnects correctly."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-288", "description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2022-04-04T19:45:56.000Z"}, "x_legacyV4Record": {"credit": [{"lang": "eng", "value": "Irfan Ahmed and Adeen Ayub of Virginia Commonwealth University and Hyunguk Yoo of the University of New Orleans reported these vulnerabilities to Automation Direct."}], "impact": {"cvss": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, "source": {"advisory": "ICSA-21-166-02", "discovery": "EXTERNAL"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "3.00", "version_affected": "<"}]}, "product_name": "CLICK PLC CPU Modules: C0-1x CPUs"}]}, "vendor_name": "Automation Direct"}]}}, "solution": [{"lang": "en", "value": "Automation Direct reports these vulnerabilities are all mitigated by Version 3.00 and recommends users update software and firmware to the latest version.\n\nAutomation Direct also recommends users follow its security guidelines."}], "data_type": "CVE", "generator": {"engine": "Vulnogram 0.0.9"}, "references": {"reference_data": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02", "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02", "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not timeout. If the programming software is interrupted, the PLC remains unlocked. All subsequent programming connections are allowed without authorization. The PLC is only relocked by a power cycle, or when the programming software disconnects correctly."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-288: Authentication Bypass Using an Alternate Path or Channel"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-32986", "STATE": "PUBLIC", "TITLE": "Automation Direct CLICK PLC CPU Modules Authentication Bypass Using an Alternate Path or Channel", "ASSIGNER": "ics-cert@hq.dhs.gov"}}}}, "cveMetadata": {"cveId": "CVE-2021-32986", "state": "PUBLISHED", "dateUpdated": "2025-04-16T16:31:33.851Z", "dateReserved": "2021-05-13T00:00:00.000Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2022-04-04T19:45:56.000Z", "assignerShortName": "icscert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:c0-10dd1e-d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "809BA584-F893-4DE1-ABFF-159EEAA358FF", "versionEndExcluding": "3.00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:c0-10dd1e-d:-:*:*:*:*:*:*:*", "matchCriteriaId": "A81E6705-D033-4024-8FA5-3B8126BA99DA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:c0-10dd2e-d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7D135DAD-1CC9-4489-A0A1-4A9B08F5BA5B", "versionEndExcluding": "3.00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:c0-10dd2e-d:-:*:*:*:*:*:*:*", "matchCriteriaId": "8F590AF4-E9CB-4C9A-B1A9-6181FBC81336", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:c0-10dre-d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D76AFBCC-2260-4E5D-8534-D7157A8B363A", "versionEndExcluding": "3.00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:c0-10dre-d:-:*:*:*:*:*:*:*", "matchCriteriaId": "F690E38A-3290-4331-BCE0-0EC147805556", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:c0-10are-d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1CEF7DCB-3CF4-4A64-971F-C0287E294CBA", "versionEndExcluding": "3.00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:c0-10are-d:-:*:*:*:*:*:*:*", "matchCriteriaId": "5D7D9142-7F82-4E45-A306-4A899E3ABF4F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:c0-11dd1e-d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F949EF9C-5F50-4D10-8D25-D0C56657C0D1", "versionEndExcluding": "3.00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:c0-11dd1e-d:-:*:*:*:*:*:*:*", "matchCriteriaId": "97209878-20DD-4121-A1D5-A4D96911FEE7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:c0-11dd2e-d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "335D4844-DE34-4806-9B76-E2B4AD91DA96", "versionEndExcluding": "3.00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:c0-11dd2e-d:-:*:*:*:*:*:*:*", "matchCriteriaId": "E60966AB-7ACE-42EC-AEC6-8CDC05598916", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:c0-11dre-d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E5A5E2F8-C024-4DCC-923A-983379B0A645", "versionEndExcluding": "3.00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:c0-11dre-d:-:*:*:*:*:*:*:*", "matchCriteriaId": "FB2E6605-6623-47CF-8632-10BDF2793189", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:c0-11are-d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C026105-7051-4F16-BC05-3AC15AA18506", "versionEndExcluding": "3.00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:c0-11are-d:-:*:*:*:*:*:*:*", "matchCriteriaId": "13C86840-19DF-4F2F-B2AC-ECC37D915E76", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:c0-12dd1e-d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F7DFCF51-8057-46B0-9692-691D8190EC8A", "versionEndExcluding": "3.00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:c0-12dd1e-d:-:*:*:*:*:*:*:*", "matchCriteriaId": "A0341C73-C0B9-4FAD-B254-BF2B9899C4E4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:c0-12dd2e-d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A77D3278-58CD-4715-851A-BD4298C1EBD4", "versionEndExcluding": "3.00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:c0-12dd2e-d:-:*:*:*:*:*:*:*", "matchCriteriaId": "7942D90E-3014-4802-89EE-1CA9708A92D8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:c0-12dre-d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "16FA238D-3252-4207-BCB0-17E2E53A6A4B", "versionEndExcluding": "3.00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:c0-12dre-d:-:*:*:*:*:*:*:*", "matchCriteriaId": "345CC4B9-6EE6-4B0B-87A6-941F7A581191", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:c0-12are-d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6974892E-A4BD-4D1A-B029-763FA5EC1458", "versionEndExcluding": "3.00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:c0-12are-d:-:*:*:*:*:*:*:*", "matchCriteriaId": "A273D864-AE1A-411C-BBD7-4907DD8B349E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:c0-12dd1e-1-d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D2CC279-840B-4688-B981-11CEC476BEB9", "versionEndExcluding": "3.00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:c0-12dd1e-1-d:-:*:*:*:*:*:*:*", "matchCriteriaId": "4B3F7FA9-A7D4-499E-8C52-155FB93E6522", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:c0-12dd2e-1-d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4A25805A-F49D-4305-8108-F4D509304213", "versionEndExcluding": "3.00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:c0-12dd2e-1-d:-:*:*:*:*:*:*:*", "matchCriteriaId": "464C9AF0-BA89-4989-BE03-D0C30B3BEFFA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:c0-12dre-1-d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EFBC8833-C0B8-4D23-A1D2-55FAFAA48BA7", "versionEndExcluding": "3.00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:c0-12dre-1-d:-:*:*:*:*:*:*:*", "matchCriteriaId": "6415993D-A15E-4295-B151-8388550156A3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:c0-12are-1-d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8121DA90-D68C-46B6-9B8B-468F3F5E7CAA", "versionEndExcluding": "3.00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:c0-12are-1-d:-:*:*:*:*:*:*:*", "matchCriteriaId": "B04C302C-DB3D-4B3B-BE7C-5AD621AEF02A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:c0-12dd1e-2-d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "79E1F884-FA09-45E7-BFC0-F7482EA5A8BA", "versionEndExcluding": "3.00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:c0-12dd1e-2-d:-:*:*:*:*:*:*:*", "matchCriteriaId": "B362D366-AD0C-4D78-91EF-67F205550820", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:c0-12dd2e-2-d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F74838CA-C58B-427F-9429-080D8CE5217E", "versionEndExcluding": "3.00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:c0-12dd2e-2-d:-:*:*:*:*:*:*:*", "matchCriteriaId": "E4F5F7E6-34EA-44A9-B26D-C8B7E281FB31", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:c0-12dre-2-d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8D3184B1-9DDE-4661-A225-AB32D81A84A8", "versionEndExcluding": "3.00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:c0-12dre-2-d:-:*:*:*:*:*:*:*", "matchCriteriaId": "5AA4EA2B-77A8-4852-A84D-FB8B67F64393", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:c0-12are-2-d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A4BADBAD-0F6B-4CE4-BFB6-9018BDE278BC", "versionEndExcluding": "3.00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:c0-12are-2-d:-:*:*:*:*:*:*:*", "matchCriteriaId": "00066AE3-08DF-4CCC-97A6-A4D8A4BC40F3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not timeout. If the programming software is interrupted, the PLC remains unlocked. All subsequent programming connections are allowed without authorization. The PLC is only relocked by a power cycle, or when the programming software disconnects correctly."}, {"lang": "es", "value": "Despu\u00e9s de los m\u00f3dulos de CPU del PLC CLICK de Automation Direct: C0-1x con versiones de firmware anteriores a v3.00, son desbloqueados por un usuario autorizado, el estado de desbloqueo no es agotado. Si el software de programaci\u00f3n es interrumpido, el PLC permanece desbloqueado. Todas las conexiones de programaci\u00f3n posteriores son permitidas sin autorizaci\u00f3n. El PLC s\u00f3lo es vuelto a bloquear por un ciclo de energ\u00eda, o cuando el software de programaci\u00f3n es desconectado correctamente"}], "id": "CVE-2021-32986", "lastModified": "2024-11-21T06:08:04.207", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-04-04T20:15:09.207", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-288"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}