CVE-2021-32986

Published Apr 4, 2022
Last updated 2 years ago
CVSS critical 9.8
Overview

Description: After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not timeout. If the programming software is interrupted, the PLC remains unlocked. All subsequent programming connections are allowed without authorization. The PLC is only relocked by a power cycle, or when the programming software disconnects correctly.
Source: ics-cert@hq.dhs.gov
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL
CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses

nvd@nist.gov: CWE-863
ics-cert@hq.dhs.gov: CWE-288
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:automationdirect:c0-10dd1e-d_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "809BA584-F893-4DE1-ABFF-159EEAA358FF",
            "versionEndExcluding": "3.00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:automationdirect:c0-10dd1e-d:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A81E6705-D033-4024-8FA5-3B8126BA99DA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:automationdirect:c0-10dd2e-d_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7D135DAD-1CC9-4489-A0A1-4A9B08F5BA5B",
            "versionEndExcluding": "3.00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:automationdirect:c0-10dd2e-d:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8F590AF4-E9CB-4C9A-B1A9-6181FBC81336"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:automationdirect:c0-10dre-d_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D76AFBCC-2260-4E5D-8534-D7157A8B363A",
            "versionEndExcluding": "3.00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:automationdirect:c0-10dre-d:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F690E38A-3290-4331-BCE0-0EC147805556"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:automationdirect:c0-10are-d_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1CEF7DCB-3CF4-4A64-971F-C0287E294CBA",
            "versionEndExcluding": "3.00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:automationdirect:c0-10are-d:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5D7D9142-7F82-4E45-A306-4A899E3ABF4F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:automationdirect:c0-11dd1e-d_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F949EF9C-5F50-4D10-8D25-D0C56657C0D1",
            "versionEndExcluding": "3.00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:automationdirect:c0-11dd1e-d:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "97209878-20DD-4121-A1D5-A4D96911FEE7"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:automationdirect:c0-11dd2e-d_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "335D4844-DE34-4806-9B76-E2B4AD91DA96",
            "versionEndExcluding": "3.00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:automationdirect:c0-11dd2e-d:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E60966AB-7ACE-42EC-AEC6-8CDC05598916"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:automationdirect:c0-11dre-d_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E5A5E2F8-C024-4DCC-923A-983379B0A645",
            "versionEndExcluding": "3.00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:automationdirect:c0-11dre-d:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FB2E6605-6623-47CF-8632-10BDF2793189"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:automationdirect:c0-11are-d_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C026105-7051-4F16-BC05-3AC15AA18506",
            "versionEndExcluding": "3.00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:automationdirect:c0-11are-d:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "13C86840-19DF-4F2F-B2AC-ECC37D915E76"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:automationdirect:c0-12dd1e-d_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F7DFCF51-8057-46B0-9692-691D8190EC8A",
            "versionEndExcluding": "3.00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:automationdirect:c0-12dd1e-d:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A0341C73-C0B9-4FAD-B254-BF2B9899C4E4"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:automationdirect:c0-12dd2e-d_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A77D3278-58CD-4715-851A-BD4298C1EBD4",
            "versionEndExcluding": "3.00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:automationdirect:c0-12dd2e-d:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7942D90E-3014-4802-89EE-1CA9708A92D8"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:automationdirect:c0-12dre-d_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16FA238D-3252-4207-BCB0-17E2E53A6A4B",
            "versionEndExcluding": "3.00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:automationdirect:c0-12dre-d:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "345CC4B9-6EE6-4B0B-87A6-941F7A581191"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:automationdirect:c0-12are-d_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6974892E-A4BD-4D1A-B029-763FA5EC1458",
            "versionEndExcluding": "3.00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:automationdirect:c0-12are-d:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A273D864-AE1A-411C-BBD7-4907DD8B349E"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:automationdirect:c0-12dd1e-1-d_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D2CC279-840B-4688-B981-11CEC476BEB9",
            "versionEndExcluding": "3.00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:automationdirect:c0-12dd1e-1-d:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4B3F7FA9-A7D4-499E-8C52-155FB93E6522"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:automationdirect:c0-12dd2e-1-d_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A25805A-F49D-4305-8108-F4D509304213",
            "versionEndExcluding": "3.00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:automationdirect:c0-12dd2e-1-d:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "464C9AF0-BA89-4989-BE03-D0C30B3BEFFA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:automationdirect:c0-12dre-1-d_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EFBC8833-C0B8-4D23-A1D2-55FAFAA48BA7",
            "versionEndExcluding": "3.00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:automationdirect:c0-12dre-1-d:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6415993D-A15E-4295-B151-8388550156A3"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:automationdirect:c0-12are-1-d_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8121DA90-D68C-46B6-9B8B-468F3F5E7CAA",
            "versionEndExcluding": "3.00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:automationdirect:c0-12are-1-d:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B04C302C-DB3D-4B3B-BE7C-5AD621AEF02A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:automationdirect:c0-12dd1e-2-d_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "79E1F884-FA09-45E7-BFC0-F7482EA5A8BA",
            "versionEndExcluding": "3.00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:automationdirect:c0-12dd1e-2-d:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B362D366-AD0C-4D78-91EF-67F205550820"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:automationdirect:c0-12dd2e-2-d_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F74838CA-C58B-427F-9429-080D8CE5217E",
            "versionEndExcluding": "3.00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:automationdirect:c0-12dd2e-2-d:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E4F5F7E6-34EA-44A9-B26D-C8B7E281FB31"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:automationdirect:c0-12dre-2-d_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D3184B1-9DDE-4661-A225-AB32D81A84A8",
            "versionEndExcluding": "3.00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:automationdirect:c0-12dre-2-d:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5AA4EA2B-77A8-4852-A84D-FB8B67F64393"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:automationdirect:c0-12are-2-d_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4BADBAD-0F6B-4CE4-BFB6-9018BDE278BC",
            "versionEndExcluding": "3.00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:automationdirect:c0-12are-2-d:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "00066AE3-08DF-4CCC-97A6-A4D8A4BC40F3"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
