CVE-2021-32984
04.04.2022, 20:15
All programming connections receive the same unlocked privileges, which can result in a privilege escalation. During the time Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, an attacker can connect to the PLC and read the project without authorization.Enginsight
| Vendor | Product | Version |
|---|---|---|
| automationdirect | c0-10dd1e-d_firmware | 𝑥 < 3.00 |
| automationdirect | c0-10dd2e-d_firmware | 𝑥 < 3.00 |
| automationdirect | c0-10dre-d_firmware | 𝑥 < 3.00 |
| automationdirect | c0-10are-d_firmware | 𝑥 < 3.00 |
| automationdirect | c0-11dd1e-d_firmware | 𝑥 < 3.00 |
| automationdirect | c0-11dd2e-d_firmware | 𝑥 < 3.00 |
| automationdirect | c0-11dre-d_firmware | 𝑥 < 3.00 |
| automationdirect | c0-11are-d_firmware | 𝑥 < 3.00 |
| automationdirect | c0-12dd1e-d_firmware | 𝑥 < 3.00 |
| automationdirect | c0-12dd2e-d_firmware | 𝑥 < 3.00 |
| automationdirect | c0-12dre-d_firmware | 𝑥 < 3.00 |
| automationdirect | c0-12are-d_firmware | 𝑥 < 3.00 |
| automationdirect | c0-12dd1e-1-d_firmware | 𝑥 < 3.00 |
| automationdirect | c0-12dd2e-1-d_firmware | 𝑥 < 3.00 |
| automationdirect | c0-12dre-1-d_firmware | 𝑥 < 3.00 |
| automationdirect | c0-12are-1-d_firmware | 𝑥 < 3.00 |
| automationdirect | c0-12dd1e-2-d_firmware | 𝑥 < 3.00 |
| automationdirect | c0-12dd2e-2-d_firmware | 𝑥 < 3.00 |
| automationdirect | c0-12dre-2-d_firmware | 𝑥 < 3.00 |
| automationdirect | c0-12are-2-d_firmware | 𝑥 < 3.00 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-288 - Authentication Bypass Using an Alternate Path or ChannelA product requires authentication, but the product has an alternate path or channel that does not require authentication.
- CWE-287 - Improper AuthenticationWhen an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.