CVE-2025-55038: CWE-862 Missing Authorization in AutomationDirect CLICK PLUS C0-0x CPU firmware
An authorization bypass vulnerability has been discovered in the Click Plus C2-03CPU2 device firmware version 3.60. Through the KOPR protocol utilized by the Remote PLC application, authenticated users with low-level access permissions can exploit this vulnerability to read and modify PLC variables beyond their intended authorization level.
AI Analysis
Technical Summary
CVE-2025-55038 is an authorization bypass vulnerability identified in the firmware version 3.60 of the AutomationDirect CLICK PLUS C0-0x CPU series, specifically affecting the Click Plus C2-03CPU2 device. The vulnerability arises from improper enforcement of authorization controls within the KOPR protocol, which is used by the Remote PLC application to communicate with the programmable logic controller (PLC). Authenticated users who possess only low-level access permissions can exploit this flaw to read and modify PLC variables that should be restricted to higher privilege levels. This effectively allows unauthorized escalation of privileges within the device, compromising the integrity and confidentiality of the industrial control system's operational data. The vulnerability is classified under CWE-862 (Missing Authorization), indicating that the system fails to properly verify whether a user is authorized to perform certain actions. The CVSS v4.0 base score is 7.6 (high severity), reflecting the network attack vector (no physical access needed), the requirement for low-level privileges, and the significant impact on confidentiality and integrity of the system. No user interaction or authentication bypass is required beyond the low-level authenticated access. Although no known exploits are currently observed in the wild, the vulnerability poses a substantial risk to industrial environments relying on these PLCs for automation control. The lack of available patches at the time of publication further increases the urgency for mitigation.
Potential Impact
For European organizations, especially those operating in industrial automation, manufacturing, utilities, and critical infrastructure sectors, this vulnerability presents a serious risk. Exploitation could lead to unauthorized manipulation of PLC variables, potentially causing operational disruptions, safety hazards, and production downtime. The integrity of automated processes could be compromised, leading to incorrect system behavior or damage to physical equipment. Confidentiality breaches could expose sensitive operational data, which may be leveraged for further attacks or industrial espionage. Given the widespread use of AutomationDirect CLICK PLUS PLCs in European industrial environments, organizations could face significant operational and financial impacts. Additionally, regulatory compliance requirements such as the NIS Directive and GDPR may be implicated if the vulnerability leads to data breaches or service disruptions. The absence of known exploits currently provides a window for proactive defense, but the high severity score underscores the need for immediate attention.
Mitigation Recommendations
European organizations should implement the following specific mitigation measures:
1) Immediately review and restrict user access permissions to the minimum necessary level, ensuring that only trusted personnel have low-level authenticated access to the Remote PLC application.
2) Monitor network traffic for unusual or unauthorized KOPR protocol communications, employing anomaly detection tools tailored for industrial control system protocols.
3) Segment the network to isolate PLC devices from broader enterprise networks, limiting exposure to potentially compromised user accounts.
4) Implement strict logging and auditing of all PLC access and variable modifications to detect unauthorized activities promptly.
5) Engage with AutomationDirect for firmware updates or patches as they become available, and plan for rapid deployment once released.
6) Conduct security awareness training focused on the risks of unauthorized access within industrial control environments.
7) Consider deploying additional access control mechanisms such as multi-factor authentication for Remote PLC application access, if supported.
These steps go beyond generic advice by focusing on access control tightening, network segmentation, and active monitoring specific to the affected devices and protocols.
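As an added illustration of the CWE-862 pattern the technical summary describes and of the access logging recommended in item 4 above: a minimal model of a PLC variable service that checks authentication but not authorization, beside a hardened version that enforces a per-variable privilege level and records every decision. This is constructed example code, not the KOPR protocol, the Remote PLC application or AutomationDirect firmware; the privilege levels, variable table, audit line format and function names are assumptions made for the illustration.

```python
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    """Assumed privilege levels (not the device's real role model)."""
    VIEWER = 1    # the "low-level authenticated" role from the advisory
    OPERATOR = 2
    ADMIN = 3


@dataclass
class Session:
    user: str
    level: Level
    authenticated: bool = True


# Constructed variable table: name -> [value, min level to read, min level to write]
VARIABLES = {
    "status_word": [0x0001, Level.VIEWER, Level.ADMIN],
    "setpoint_rpm": [1500, Level.OPERATOR, Level.OPERATOR],
    "safety_interlock": [1, Level.OPERATOR, Level.ADMIN],
}

AUDIT_LOG: list[str] = []   # one line per access decision (mitigation item 4)


class AuthorizationError(PermissionError):
    pass


def write_variable_vulnerable(session: Session, name: str, value: int) -> int:
    """CWE-862 pattern: authentication is verified, authorization is not.
    Any authenticated session, whatever its level, can write any variable."""
    if not session.authenticated:
        raise PermissionError("not authenticated")
    VARIABLES[name][0] = value
    return VARIABLES[name][0]


def _authorize(session: Session, name: str, op: str) -> None:
    """Hardened check: compare the session level with the per-variable
    minimum for the requested operation and record the decision."""
    if not session.authenticated:
        raise PermissionError("not authenticated")
    if name not in VARIABLES:
        raise KeyError(name)
    _, read_min, write_min = VARIABLES[name]
    required = write_min if op == "write" else read_min
    decision = "ALLOW" if session.level >= required else "DENY"
    AUDIT_LOG.append(f"{decision} {op} {name} user={session.user} level={session.level.name}")
    if decision == "DENY":
        raise AuthorizationError(f"{session.user} may not {op} {name}")


def read_variable(session: Session, name: str) -> int:
    _authorize(session, name, "read")
    return VARIABLES[name][0]


def write_variable(session: Session, name: str, value: int) -> int:
    _authorize(session, name, "write")
    VARIABLES[name][0] = value
    return VARIABLES[name][0]


def denials_per_user(log: list[str]) -> dict[str, int]:
    """Detection helper over the audit lines: count DENY decisions per user,
    the signal a defender would alert on for repeated out-of-scope access."""
    counts: dict[str, int] = {}
    for line in log:
        if line.startswith("DENY "):
            user = next(f.split("=", 1)[1] for f in line.split() if f.startswith("user="))
            counts[user] = counts.get(user, 0) + 1
    return counts


def demo() -> dict:
    """Exercise both paths with a low-level session and return what each allowed."""
    AUDIT_LOG.clear()
    VARIABLES["safety_interlock"][0] = 1
    viewer = Session("viewer1", Level.VIEWER)
    admin = Session("admin1", Level.ADMIN)
    result = {}
    # Vulnerable path: the viewer clears a write-restricted variable.
    result["vuln_write_ok"] = write_variable_vulnerable(viewer, "safety_interlock", 0) == 0
    VARIABLES["safety_interlock"][0] = 1   # restore before the hardened run
    # Hardened path: reads within level succeed, everything else is denied and logged.
    result["viewer_reads_status"] = read_variable(viewer, "status_word")
    try:
        write_variable(viewer, "safety_interlock", 0)
        result["viewer_write_denied"] = False
    except AuthorizationError:
        result["viewer_write_denied"] = True
    try:
        read_variable(viewer, "setpoint_rpm")
        result["viewer_read_denied"] = False
    except AuthorizationError:
        result["viewer_read_denied"] = True
    result["interlock_after"] = VARIABLES["safety_interlock"][0]
    result["admin_write"] = write_variable(admin, "safety_interlock", 0)
    result["denials"] = denials_per_user(AUDIT_LOG)
    return result


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
    print("\n".join(AUDIT_LOG))
```

The point of the split into `_authorize` plus thin read/write wrappers is that every variable access goes through one gate that both decides and logs; an operation that bypasses the gate is then visible as a code path rather than a missing `if`. The `denials_per_user` scan is the kind of query an ICS monitoring rule would run over such a log to surface a low-level account repeatedly touching variables above its level.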
Affected Countries
Germany, France, Italy, United Kingdom, Netherlands, Belgium, Poland, Spain, Sweden, Czech Republic
Technical Details
- Data Version: 5.1
- Assigner Short Name: icscert
- Date Reserved: 2025-09-16T20:09:26.660Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 68d32020e9e7eb6a1ad1b623
Added to database: 9/23/2025, 10:33:04 PM
Last enriched: 9/23/2025, 10:33:33 PM
Last updated: 9/25/2025, 2:23:37 PM
Views: 15
Related Threats
CVE-2025-29156: n/a (High)
CVE-2025-29157: n/a (Medium)
CVE-2025-10962: Command Injection in Wavlink NU516U1 (Medium)
CVE-2025-10961: Command Injection in Wavlink NU516U1 (Medium)
CVE-2025-10960: Command Injection in Wavlink NU516U1 (Medium)