216.73.217.86

CVE-2025-55038

· Published 23/09/2025 23:15 · Modified 24/09/2025 18:11

Labels: CVE-2025-55038 2025-09-23CVE-2025-55038CWE-862[email protected]

Essential information

Published
23/09/2025 23:15
Modified
24/09/2025 18:11
Author
Creator
CVSS
7.6 HIGH (v3) 7.6 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

An authorization bypass vulnerability has been discovered in the Click Plus C2-03CPU2 device firmware version 3.60. Through the KOPR protocol utilized by the Remote PLC application, authenticated users with low-level access permissions can exploit this vulnerability to read and modify PLC variables beyond their intended authorization level.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
click plus / c2-03cpu2 cpe:2.3:h:click_plus:c2-03cpu2:*:3.60:*:*:*:*:*:*

References