CVE-2025-55038
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-23

Last updated on: 2025-09-24

Assigner: ICS-CERT

Description
An authorization bypass vulnerability has been discovered in the Click Plus C2-03CPU2 device firmware version 3.60. Through the KOPR protocol utilized by the Remote PLC application, authenticated users with low-level access permissions can exploit this vulnerability to read and modify PLC variables beyond their intended authorization level.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-23
Last Modified
2025-09-24
Generated
2026-06-16
AI Q&A
2025-09-24
EPSS Evaluated
2026-06-14
NVD
CVE-2025-55038
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
automationdirect click_plus_c2-03cpu2 3.60
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an authorization bypass in the Click Plus C2-03CPU2 device firmware version 3.60. It allows authenticated users with low-level access permissions to exploit the KOPR protocol used by the Remote PLC application to read and modify PLC variables beyond their intended authorization level.

Impact Analysis

The vulnerability can impact you by allowing users with limited permissions to access and change PLC variables they should not be authorized to, potentially leading to unauthorized control or disruption of industrial processes.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-55038. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart