Critical Vulnerabilities in AutomationDirect CLICK PLC Expose OT Systems to Attacks
CISA advisory reveals multiple high-severity flaws in AutomationDirect CLICK PLCs, enabling privilege escalation, data decryption, and unauthorized access. Apply the CISA mitigations now and vendor fixes as soon as they are available.
Critical Flaws in AutomationDirect CLICK PLCs Pose Serious OT Security Risks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed multiple vulnerabilities in AutomationDirect’s CLICK Programmable Logic Controllers (PLCs) that could allow attackers to impersonate users, escalate privileges, gain unauthorized system access, and decrypt sensitive data. The advisory (ICSA-26-022-02), published on January 22, 2026, highlights critical security gaps in widely used operational technology (OT) environments.
Technical Details of the Vulnerabilities
CISA’s advisory defers full technical specifications to a CSAF document. The advisory does not yet list the specific affected firmware versions of AutomationDirect CLICK PLCs, but it confirms that successful exploitation could lead to:
- Privilege escalation (an attacker gaining elevated access on the controller)
- User impersonation (spoofing a legitimate account)
- Unauthorized access to critical OT systems and services
- Decryption of sensitive data (potentially exposing confidential configurations or process controls)
The CVE identifiers for these flaws are not reproduced here (CVE-2026-XXXX is a placeholder until the exact IDs in the CSAF document are confirmed). Security professionals should monitor the advisory for CVSS scores and mitigation guidance as they are published.
Impact Analysis: Why These Flaws Matter
AutomationDirect CLICK PLCs are widely deployed in industrial control systems (ICS) across sectors such as manufacturing, energy, and water treatment. Exploitation of these vulnerabilities could result in:
- Operational disruption: Unauthorized changes to PLC logic could halt production lines or alter critical processes.
- Data breaches: Decryption of sensitive data may expose proprietary configurations or compliance-protected information.
- Lateral movement: Attackers could pivot from compromised PLCs to other OT/IT systems, escalating the scope of an attack.
- Safety risks: In worst-case scenarios, tampering with PLC-controlled machinery could pose physical safety hazards.
Given the high-risk nature of OT environments, where uptime and reliability are paramount, these vulnerabilities demand immediate attention from asset owners and security teams.
Recommended Actions for Security Teams
CISA and AutomationDirect have not yet released official patches or workarounds. However, organizations using affected CLICK PLCs should:
- Monitor the Advisory: Regularly check CISA’s ICS Advisory page for updates on patches, CVEs, and mitigation strategies.
- Isolate Critical Systems: Segment PLCs from corporate networks, restrict remote access, and allow only designated engineering workstations to reach the PLC programming and Modbus ports.
- Implement Network Monitoring: Deploy OT-specific intrusion detection systems (IDS) to detect anomalous traffic or unauthorized access attempts.
- Review Authentication Controls: Set strong, unique project passwords on the PLCs and, because small PLC management interfaces typically support only a password, enforce multi-factor authentication (MFA) on the VPN or jump host that fronts them.
- Prepare Incident Response Plans: Ensure OT-specific incident response procedures are in place to address potential breaches swiftly.
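The monitoring and segmentation steps above can be turned into a concrete check. The following is an added example, not code from CISA, AutomationDirect, or the advisory: it parses Modbus/TCP requests seen on a span port or tap and raises an alert when a write function code reaches a PLC from a host outside an engineering-workstation allowlist, or when a frame is malformed. It assumes the PLC is reachable on TCP/502 (Modbus/TCP, which CLICK Ethernet models support); the advisory text here gives no protocol details, so this does not detect the specific flaws, only the unauthorized-write pattern an attacker with controller access would produce. The frames, addresses and allowlist are constructed sample data.

```python
"""Added example (not from the CISA advisory or AutomationDirect).

Flags Modbus/TCP write requests to a PLC that originate outside an
engineering allowlist. Assumes Modbus/TCP on TCP/502; all sample data
below is constructed for illustration.
"""
import struct
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set, Tuple

# Modbus function codes that change coils or registers on the controller.
WRITE_FUNCTION_CODES = {
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
}
# Function codes whose PDU carries a 16-bit starting address at offset 1.
ADDRESSED_FUNCTION_CODES = {1, 2, 3, 4, 5, 6, 15, 16}


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function_code: int
    start_address: Optional[int]  # first coil/register touched, if the PDU has one


def parse_modbus_tcp(frame: bytes) -> ModbusRequest:
    """Parse the 7-byte MBAP header and the function code of the PDU."""
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError(f"protocol id {proto} is not Modbus (expected 0)")
    # MBAP length counts unit id + PDU, i.e. everything after the first 6 bytes.
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match frame size")
    fc = frame[7]
    addr = None
    if fc in ADDRESSED_FUNCTION_CODES and len(frame) >= 10:
        addr = struct.unpack(">H", frame[8:10])[0]
    return ModbusRequest(tid, unit, fc, addr)


def detect_unauthorized_writes(
    events: Iterable[Tuple[str, str, bytes]], allowed_writers: Set[str]
) -> List[dict]:
    """events: (src_ip, dst_ip, raw Modbus/TCP frame). Returns alert records."""
    alerts = []
    for src, dst, frame in events:
        try:
            req = parse_modbus_tcp(frame)
        except ValueError as exc:
            # Malformed traffic to a PLC is worth a look on its own.
            alerts.append({"src": src, "dst": dst, "fc": None,
                           "reason": f"malformed Modbus frame: {exc}"})
            continue
        if req.function_code in WRITE_FUNCTION_CODES and src not in allowed_writers:
            alerts.append({"src": src, "dst": dst, "fc": req.function_code,
                           "name": WRITE_FUNCTION_CODES[req.function_code],
                           "unit": req.unit_id, "address": req.start_address,
                           "reason": "write from host outside engineering allowlist"})
    return alerts


# Constructed sample data: 10.0.10.50 is the PLC, 10.0.10.5 the only host
# permitted to write, 10.0.10.20 an HMI that should only read.
ALLOWED_WRITERS = {"10.0.10.5"}
SAMPLE_EVENTS = [
    # HMI reads 10 holding registers from address 0 (FC 3): benign.
    ("10.0.10.20", "10.0.10.50", bytes.fromhex("00010000000601030000000a")),
    # Engineering workstation writes register 100 (FC 6): allowed.
    ("10.0.10.5", "10.0.10.50", bytes.fromhex("000200000006010600640001")),
    # Unknown host writes two registers from address 0 (FC 16): alert.
    ("10.0.20.77", "10.0.10.50", bytes.fromhex("00030000000b0110000000020400010002")),
    # Frame with a non-Modbus protocol id in the MBAP header: alert.
    ("10.0.20.77", "10.0.10.50", bytes.fromhex("000400010006010300000001")),
]


def run_sample() -> List[dict]:
    return detect_unauthorized_writes(SAMPLE_EVENTS, ALLOWED_WRITERS)


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

In production the events would come from a passive tap or an existing OT IDS export rather than an in-memory list; the allowlist should be the same small set of engineering hosts that the segmentation rules permit to reach the PLC, so a write from anywhere else is by definition a policy violation.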
For further technical details, refer to the CSAF document linked in the advisory.
This is a developing story. Updates will be provided as more information becomes available.