ByteOS Network

NVD Vulnerability Details :

CVE-2025-59484

Awaiting Analysis

Source-ics-cert@hq.dhs.gov

Published At-23 Sep, 2025 | 22:15

Updated At-24 Sep, 2025 | 18:11

The use of a broken or risky cryptographic algorithm was discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software uses an insecure implementation of the RSA encryption algorithm.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	8.7	HIGH	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary	3.1	8.3	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L

Type: Secondary

Version: 4.0

Base score: 8.7

Base severity: HIGH

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 3.1

Base score: 8.3

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L

Weaknesses

CWE ID	Type	Source
CWE-327	Primary	ics-cert@hq.dhs.gov

CWE ID: CWE-327

Type: Primary

Source: ics-cert@hq.dhs.gov

References

Hyperlink	Source	Resource
https://www.automationdirect.com/support/software-downloads	ics-cert@hq.dhs.gov	N/A
https://www.cisa.gov/news-events/ics-advisories/icsa-25-266-01	ics-cert@hq.dhs.gov	N/A

Hyperlink: https://www.automationdirect.com/support/software-downloads

Source: ics-cert@hq.dhs.gov

Resource: N/A

Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-25-266-01

Source: ics-cert@hq.dhs.gov

Resource: N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History