CVE-2025-58069
BaseFortify

Publication date: 2025-09-23

Last updated on: 2025-09-24

Assigner: ICS-CERT

Description
The use of a hard-coded cryptographic key was discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software contains a hard-coded AES key used to protect the initial messages of a new KOPS session.
Meta Information
Published: 2025-09-23
Last Modified: 2025-09-24
Generated: 2026-06-16
AI Q&A: 2025-09-24
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Vendor: automationdirect
Product: click_plus_plc
Version / Range: 3.60
CWE ID: CWE-321
Description: The product uses a hard-coded, unchangeable cryptographic key.
Executive Summary

This vulnerability involves the use of a hard-coded cryptographic key in firmware version 3.60 of the Click Plus PLC. Specifically, the software contains a hard-coded AES key that is used to protect the initial messages of a new KOPS session, and an attacker could potentially exploit this.

Impact Analysis

The vulnerability could allow an attacker to compromise the confidentiality of the initial messages in a KOPS session by exploiting the hard-coded AES key, potentially leading to unauthorized access or interception of sensitive information.
