CVE-2021-32982 in CLICK PLC CPUinfo

Summary

by MITRE • 04/05/2022

In Automation Direct CLICK PLC CPU Modules (C0-1x CPUs with firmware prior to v3.00), passwords are sent as plaintext during unlocking and project transfers. An attacker who has network visibility can observe the password exchange.


Analysis

by VulDB Data Team • 04/06/2022

The vulnerability identified as CVE-2021-32982 affects Automation Direct CLICK PLC CPU Modules, specifically the C0-1x series running firmware versions prior to v3.00. It represents a critical security flaw in industrial control systems: authentication credentials are transmitted without encryption, an exploitable weakness in the operational technology infrastructure. The affected devices are commonly deployed in manufacturing environments, where they control critical processes and machinery, which makes them attractive targets for adversaries seeking unauthorized access to industrial operations.

The technical flaw is the plaintext transmission of passwords in two critical operational scenarios: device unlocking and project transfers. Because no secure communication protocol protects these authentication steps, an attacker who can capture the network traffic can read the credentials directly from it. The weakness maps to CWE-312, which identifies the exposure of sensitive information through improper handling of data in transit, specifically passwords transmitted in plaintext. The vulnerability is particularly concerning because it affects the fundamental authentication mechanism of the PLC modules, potentially allowing unauthorized individuals to gain administrative access to critical control systems.
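As an added illustration of the CWE-312 point above (this is example code written for this page; it is not code from VulDB or Automation Direct, and it models neither the CLICK wire protocol nor what firmware v3.00 changed), the block below contrasts a toy unlock exchange in which the password itself is the message with a challenge-response variant in which the client proves knowledge of the password by computing an HMAC over a device-chosen nonce. A passive observer of the first exchange recovers the credential from the captured bytes; an observer of the second sees only a nonce and a proof that is valid for that nonce alone. The sample password and all names (`Wire`, `plaintext_unlock`, `challenge_response_unlock`, `verify_proof`) are constructed for this example.

```python
import hashlib
import hmac
import os

# Constructed sample credential; the two toy exchanges below are illustrative
# models, not the CLICK PLC's real wire format or the v3.00 fix.
PASSWORD = "plc-unlock-1234"


class Wire:
    """Records every message so a passive observer can inspect the exchange."""

    def __init__(self):
        self.captured = []  # list of (sender, payload) tuples

    def send(self, sender, payload):
        self.captured.append((sender, payload))
        return payload


def plaintext_unlock(wire, password):
    """Weak scheme (CWE-312): the unlock request carries the password itself."""
    msg = wire.send("client", b"UNLOCK " + password.encode())
    # Device side: compare the received credential with the stored one.
    return hmac.compare_digest(msg.split(b" ", 1)[1], PASSWORD.encode())


def make_proof(password, nonce):
    """Client side of the hardened scheme: HMAC-SHA256 keyed by the password."""
    return hmac.new(password.encode(), nonce, hashlib.sha256).hexdigest()


def verify_proof(nonce, proof):
    """Device side: recompute the expected proof for this nonce and compare."""
    return hmac.compare_digest(proof, make_proof(PASSWORD, nonce))


def challenge_response_unlock(wire, password, nonce=None):
    """Hardened scheme: the device issues a fresh random nonce and the client
    answers with HMAC(password, nonce). The password never crosses the wire,
    and a captured answer only verifies against the nonce it was computed for."""
    nonce = nonce if nonce is not None else os.urandom(16)
    wire.send("device", b"CHALLENGE " + nonce.hex().encode())
    reply = wire.send("client", b"RESPONSE " + make_proof(password, nonce).encode())
    return verify_proof(nonce, reply.split(b" ", 1)[1].decode())


def observer_sees_password(wire):
    """What a network observer learns: does the credential appear in any frame?"""
    return any(PASSWORD.encode() in payload for _, payload in wire.captured)


def captured_exchange(wire):
    """Extract (nonce, proof) from a recorded challenge-response exchange."""
    nonce = proof = None
    for _, payload in wire.captured:
        kind, value = payload.split(b" ", 1)
        if kind == b"CHALLENGE":
            nonce = bytes.fromhex(value.decode())
        elif kind == b"RESPONSE":
            proof = value.decode()
    return nonce, proof


if __name__ == "__main__":
    weak = Wire()
    plaintext_unlock(weak, PASSWORD)
    print("plaintext scheme leaks password:", observer_sees_password(weak))

    strong = Wire()
    challenge_response_unlock(strong, PASSWORD)
    nonce, proof = captured_exchange(strong)
    print("challenge-response leaks password:", observer_sees_password(strong))
    print("captured proof valid for its own nonce:", verify_proof(nonce, proof))
    print("captured proof valid for a fresh nonce:", verify_proof(os.urandom(16), proof))
```

A caveat for anyone evaluating a vendor's fix against this model: a password-keyed challenge-response stops an observer from reading the credential off the wire and from reusing a captured answer, but a captured nonce/proof pair still lets the observer test password guesses offline, so it protects weak passwords far less than it protects strong ones. Transport encryption of the engineering session, strong credentials, and the network segmentation and monitoring discussed below remain necessary alongside it.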

The operational impact extends beyond simple credential theft, because it gives attackers potential access to the industrial control systems that manage manufacturing processes, equipment operations, and production workflows. An attacker with network visibility can capture the plaintext passwords and subsequently use them to unlock devices, transfer projects, or potentially manipulate system configurations. This creates a pathway to disrupt operations, modify production processes, or gain persistent access to industrial networks, aligning with ATT&CK technique T1078 (Valid Accounts) and T1566 (Phishing). The vulnerability is particularly dangerous where PLCs control safety-critical systems, since unauthorized access could lead to production downtime, safety hazards, or even physical damage to equipment.

Mitigation should prioritize an immediate firmware update to version 3.00 or later, which addresses the plaintext password transmission. Organizations should also segment the network to limit access to industrial control systems, deploy network monitoring to detect unusual authentication patterns, and establish secure remote access procedures for system maintenance. Regular security assessments of industrial control systems should be conducted to identify similar weaknesses, and administrative procedures should be updated to include mandatory password changes and secure credential management. The vulnerability highlights the importance of applying security patches promptly in industrial environments, where legacy systems may lack modern security features and proper encryption.

Responsible

ICS-CERT

Reservation

05/13/2021

Disclosure

04/05/2022

Moderation

accepted

CPE

ready

EPSS

0.00625

KEV

no

Activities

very low
