Vulnerabilities > Automationdirect > C0 12Dre 1 D Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-04 | CVE-2021-32978 | Insufficiently Protected Credentials vulnerability in Automationdirect products The programming protocol allows for a previously entered password and lock state to be read by an attacker. | 7.5 |
| 2022-04-04 | CVE-2021-32980 | Improper Authentication vulnerability in Automationdirect products Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 does not protect against additional software programming connections. | 9.8 |
| 2022-04-04 | CVE-2021-32982 | Cleartext Transmission of Sensitive Information vulnerability in Automationdirect products Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 passwords are sent as plaintext during unlocking and project transfers. | 7.5 |
| 2022-04-04 | CVE-2021-32984 | Improper Authentication vulnerability in Automationdirect products All programming connections receive the same unlocked privileges, which can result in a privilege escalation. | 9.8 |
| 2022-04-04 | CVE-2021-32986 | Incorrect Authorization vulnerability in Automationdirect products After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not timeout. | 9.8 |