CVE-2025-57882: CWE-404 Improper Resource Shutdown or Release in AutomationDirect CLICK PLUS C0-0x CPU firmware
An improper resource shutdown or release vulnerability has been identified in the Click Plus C2-03CPU-2 device running firmware version 3.60. The vulnerability allows an unauthenticated attacker to perform a denial-of-service attack by exhausting all available device sessions in the Remote PLC application.
AI Analysis
Technical Summary
CVE-2025-57882 is a high-severity vulnerability affecting the AutomationDirect CLICK PLUS C0-0x CPU firmware, specifically identified in the Click Plus C2-03CPU-2 device running firmware version 3.60. The vulnerability is categorized under CWE-404, which pertains to improper resource shutdown or release. In this case, the flaw allows an unauthenticated attacker to exhaust all available device sessions in the Remote PLC application by failing to properly release or shut down resources associated with sessions. This leads to a denial-of-service (DoS) condition, rendering the device unresponsive or unable to accept new legitimate connections. The vulnerability does not require any authentication or user interaction, and the attack vector is network-based (AV:N), but it has a high attack complexity (AC:H), indicating that exploitation requires specific conditions or knowledge. The impact is primarily on availability (VA:H), with no direct confidentiality or integrity impact. The vulnerability affects critical industrial control system (ICS) components used in automation environments, where PLCs (Programmable Logic Controllers) are essential for controlling manufacturing and industrial processes. The absence of available patches at the time of publication increases the urgency for mitigation. No known exploits are currently in the wild, but the high CVSS score of 8.2 reflects the significant potential impact if exploited. The vulnerability’s root cause is improper resource management in the firmware, which can be triggered remotely without credentials, making it a serious concern for operational continuity in industrial settings.
Potential Impact
For European organizations, especially those operating in manufacturing, utilities, and critical infrastructure sectors, this vulnerability poses a significant risk to operational availability. Industrial environments relying on AutomationDirect CLICK PLUS PLCs could experience service interruptions, production downtime, or safety system failures if the device becomes unresponsive due to session exhaustion. This can lead to financial losses, safety hazards, and disruption of supply chains. The fact that exploitation requires no authentication means that attackers can attempt to disrupt operations from outside the network perimeter if the devices are exposed or accessible via remote connections. Given the increasing digitization and remote management of industrial control systems in Europe, the risk of such DoS attacks impacting critical infrastructure is heightened. Additionally, the lack of confidentiality or integrity impact reduces the risk of data theft or manipulation but does not diminish the operational risks associated with availability loss.
Mitigation Recommendations
1. Network Segmentation: Isolate PLC devices from general IT networks and restrict access to trusted management stations only.
2. Access Control: Implement strict firewall rules to block unauthorized inbound connections to the Remote PLC application ports, especially from untrusted networks or the internet.
3. Monitoring and Rate Limiting: Deploy network monitoring to detect unusual session creation patterns and implement rate limiting to prevent session exhaustion attacks.
4. Firmware Updates: Monitor AutomationDirect advisories closely for patches or firmware updates addressing this vulnerability and apply them promptly once available.
5. Incident Response Preparedness: Develop and test response plans for DoS events affecting PLCs to minimize downtime and restore operations quickly.
6. Vendor Engagement: Engage with AutomationDirect support to obtain guidance or beta patches if available and report any suspicious activity related to this vulnerability.
7. Physical Security: Ensure physical access controls are in place to prevent local exploitation or unauthorized device resets that could exacerbate the issue.
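As an added illustration of the failure mode the technical summary describes (sessions that are never released) and of the per-source limiting called for in mitigation item 3, the following is example code, not AutomationDirect firmware; the table size, idle timeout, per-source cap and client addresses are assumed values:

```python
# Added model of a fixed-size session table (not AutomationDirect code);
# capacity, idle timeout and per-source cap below are assumed values.
MAX_SESSIONS = 8
IDLE_TIMEOUT_S = 30.0
PER_SOURCE_CAP = 2
class LeakySessionTable:
    """CWE-404: slots are freed only by explicit close, so a peer that vanishes holds its slot forever."""
    def __init__(self, capacity=MAX_SESSIONS):
        self.capacity = capacity
        self.sessions = {}  # session_id -> (source, last_seen)
        self._next_id = 1

    def open(self, src, now):
        if len(self.sessions) >= self.capacity:
            return None  # table exhausted: legitimate clients are refused
        sid, self._next_id = self._next_id, self._next_id + 1
        self.sessions[sid] = (src, now)
        return sid

    def close(self, sid):
        self.sessions.pop(sid, None)

class HardenedSessionTable(LeakySessionTable):
    """Reaps idle slots before refusing a client and caps concurrent sessions per source."""
    def __init__(self, capacity=MAX_SESSIONS, idle_timeout=IDLE_TIMEOUT_S,
                 per_source_cap=PER_SOURCE_CAP):
        super().__init__(capacity)
        self.idle_timeout, self.per_source_cap = idle_timeout, per_source_cap

    def reap_idle(self, now):
        stale = [sid for sid, (_, seen) in self.sessions.items()
                 if now - seen >= self.idle_timeout]
        for sid in stale:
            del self.sessions[sid]
        return len(stale)  # abandoned sessions released

    def touch(self, sid, now):  # call on each valid message so active sessions survive
        self.sessions[sid] = (self.sessions[sid][0], now)

    def open(self, src, now):
        self.reap_idle(now)
        if sum(s == src for s, _ in self.sessions.values()) >= self.per_source_cap:
            return None  # per-source cap hit before the shared table fills
        return super().open(src, now)

def abandoned_then_legit(table, n_abandoned, now=0.0):
    """n never-closed sessions from one source, then one legitimate open past the idle timeout."""
    for _ in range(n_abandoned):
        table.open("10.0.0.99", now)  # constructed addresses
    return table.open("10.0.0.5", now + IDLE_TIMEOUT_S + 1)
```

With the leaky table, eight abandoned sessions leave no slot for the later legitimate client; the hardened table admits only two from that source and has reaped them by the time the legitimate client arrives.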
Affected Countries
Germany, France, Italy, United Kingdom, Netherlands, Belgium, Poland, Czech Republic, Sweden, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: icscert
- Date Reserved: 2025-09-16T20:09:26.673Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68d32020e9e7eb6a1ad1b627
Added to database: 9/23/2025, 10:33:04 PM
Last enriched: 9/23/2025, 10:33:21 PM
Last updated: 9/25/2025, 10:46:24 AM