CVE-2025-54855
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-09-23
Last updated on: 2025-09-24
Assigner: ICS-CERT
Description
Description
Cleartext storage of sensitive information was discovered in Click Programming Software version v3.60. The vulnerability can be exploited by a local user with access to the file system, while an administrator session is active, to steal credentials stored in clear text.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| automationdirect | click_programming_software | 3.60 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-312 | The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the cleartext storage of sensitive information in Click Programming Software version v3.60. A local user who has access to the file system and an active administrator session can exploit this flaw to steal credentials that are stored without encryption.
How can this vulnerability impact me? :
If exploited, this vulnerability can lead to unauthorized access to sensitive credentials by a local user, potentially compromising system security and allowing further unauthorized actions within the affected environment.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70