<ciso brief/>
Tag Banner

All news with #automationdirect tag

all tags →

Thu, October 23, 2025

CISA Issues Eight New Industrial Control Systems Advisories

#Security Advisory #Industrial Control Systems #Schneider Electric #AutomationDirect #Hitachi Energy #Delta Electronics

🔔 CISA released eight Industrial Control Systems advisories addressing vulnerabilities and updates across multiple vendors and products, including AutomationDirect, ASKI Energy, Veeder-Root, Delta Electronics, NIHON KOHDEN, Schneider Electric, and Hitachi Energy. The notices cover new findings and several updates (for example, Update A and Update C) and list ICSA/ICSMA identifiers for each advisory. Administrators and asset owners should review the technical details, apply available patches or vendor mitigations, and reinforce network segmentation, access controls, and monitoring to reduce exposure.

read more →

Thu, October 23, 2025

AutomationDirect Productivity Suite: Multiple High-Risk Flaws

#Security Advisory #RCE #Arbitrary File Write #AutomationDirect

⚠️ AutomationDirect's Productivity Suite and several Productivity PLC models contain multiple high-severity vulnerabilities — including relative path traversal (ZipSlip), a weak password recovery mechanism, incorrect permission assignment, and binding to an unrestricted IP address. Exploitation could allow remote attackers to read, write, or delete files, execute arbitrary code, or gain full control of projects. AutomationDirect has released updates (Productivity Suite v4.5.0.x and newer) and recommends applying the latest firmware and implementing network isolation and firewall/NAC controls if immediate upgrades are not possible.

read more →

Tue, September 23, 2025

CISA Issues Six New Industrial Control Systems Advisories

#Security Advisory #Industrial Control Systems #Mitsubishi Electric #Schneider Electric #Hitachi Energy #AutomationDirect

🔔 CISA released six Industrial Control Systems (ICS) advisories on September 23, 2025, providing timely information on security issues, vulnerabilities, and potential exploits across multiple product families. The advisories cover AutomationDirect CLICK PLUS, Mitsubishi Electric MELSEC‑Q Series CPU Module, Schneider Electric SESU, Viessmann Vitogate 300, and two updates for Hitachi Energy RTU500 Series. Users and administrators are urged to review each advisory for technical details and apply recommended mitigations promptly.

read more →

Tue, September 23, 2025

AutomationDirect CLICK PLUS Firmware Vulnerabilities Identified

#Security Advisory #Patch #AutomationDirect #CLICK PLUS #Hardcoded Secrets #Privilege Escalation

🔒 AutomationDirect has disclosed multiple vulnerabilities in the CLICK PLUS series affecting firmware releases prior to v3.71. Issues include cleartext credential storage, a hard-coded AES key, an insecure RSA implementation, a predictable PRNG seed, authorization bypasses, and resource exhaustion flaws. CVSS v4 severity reaches 8.7 for the most critical cryptographic and key-generation weaknesses. AutomationDirect and CISA recommend updating to v3.80 and applying network isolation, access restrictions, logging, and endpoint protections until patches are deployed.

read more →