CVE-2025-58473: CWE-404 Improper Resource Shutdown or Release in AutomationDirect CLICK PLUS C0-0x CPU firmware

Severity: High
Published: Tue Sep 23 2025 (09/23/2025, 22:21:06 UTC)
Source: CVE Database V5
Vendor/Project: AutomationDirect
Product: CLICK PLUS C0-0x CPU firmware

Description

An improper resource shutdown or release vulnerability has been identified in the Click Plus C2-03CPU-2 device running firmware version 3.60. The vulnerability allows an unauthenticated attacker to perform a denial-of-service attack by exhausting all available device sessions of the Click Programming Software.

AI-Powered Analysis

AI analysis last updated: 10/01/2025, 00:48:29 UTC

Technical Analysis

CVE-2025-58473 is a high-severity vulnerability classified under CWE-404 (Improper Resource Shutdown or Release) affecting the AutomationDirect CLICK PLUS C0-0x CPU firmware, specifically version 3.60. The vulnerability arises from improper handling of device sessions within the Click Programming Software interface, which manages connections to the programmable logic controller (PLC) device. An unauthenticated attacker can exploit this flaw remotely over the network to exhaust all available device sessions by repeatedly opening connections without proper release or shutdown of resources. This leads to a denial-of-service (DoS) condition, rendering the device unresponsive to legitimate programming or control commands.

The vulnerability does not require any authentication or user interaction, but it does have a high attack complexity, indicating some non-trivial conditions must be met to successfully exploit it. The CVSS 4.0 base score is 8.2, reflecting a high impact on availability (VA:H) with no impact on confidentiality or integrity. The scope is unchanged, and no privileges or user interaction are required.

The vulnerability affects industrial control systems (ICS), specifically PLCs used in automation environments, which are critical for operational technology (OT) infrastructure. No known exploits are currently reported in the wild, and no patches have been released yet. Given the nature of the device and the vulnerability, attackers could disrupt industrial processes by denying legitimate access to the PLC, potentially halting production lines or critical infrastructure operations relying on these controllers.

Potential Impact

For European organizations, especially those in manufacturing, utilities, and critical infrastructure sectors, this vulnerability poses a significant risk. AutomationDirect CLICK PLUS PLCs are used in various industrial automation scenarios, including factory automation, building management, and process control. A successful DoS attack could interrupt production workflows, cause operational downtime, and lead to financial losses. In safety-critical environments such as energy grids or water treatment plants, disruption of PLC availability could have cascading effects on public safety and service continuity. Since the vulnerability can be exploited without authentication, attackers from outside the organization or insider threats could trigger the DoS remotely. This elevates the risk profile for European industrial operators who rely on these devices. Additionally, the lack of patches means organizations must rely on mitigation strategies until a firmware update is available. The impact is heightened in countries with a strong industrial base and extensive use of AutomationDirect products in OT environments.

Mitigation Recommendations

1. Network Segmentation: Isolate PLC devices and their programming interfaces within dedicated OT network segments, separated from corporate IT networks and the internet by firewalls and access control lists (ACLs).
2. Access Control: Restrict access to the Click Programming Software interface to authorized personnel only, using VPNs or jump hosts with strong authentication mechanisms.
3. Monitoring and Rate Limiting: Implement network monitoring to detect unusual connection patterns indicative of session exhaustion attempts. Deploy rate limiting on the PLC communication ports to prevent rapid session creation.
4. Incident Response Preparedness: Develop and test response plans for PLC DoS scenarios to quickly restore device availability.
5. Vendor Coordination: Engage with AutomationDirect for timely firmware updates or patches addressing this vulnerability.
6. Physical Security: Ensure physical access to PLC devices is controlled to prevent local exploitation attempts.
7. Alternative Programming Methods: Where possible, use offline programming or scheduled maintenance windows to reduce exposure during critical operations.

These measures go beyond generic advice by focusing on network architecture, access restrictions, and operational procedures tailored to the specific vulnerability and device context.
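The monitoring step above can be implemented as a sliding-window check over connection logs to the PLC programming interface. The following is an added example, not part of the advisory or any AutomationDirect tooling; the PLC address, the port number, the log format and the sample records are all constructed placeholders, and the thresholds are starting points to tune against a baseline of normal engineering-workstation activity.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Placeholder PLC address/port (the advisory names no port); substitute your own OT values.
PLC_IP = "10.10.20.5"
PLC_PROG_PORT = 9999

# Constructed record shape: <ISO8601 UTC> src=<ip> dst=<ip> dport=<port> event=open|close
LINE_RE = re.compile(r"^(\S+) src=(\S+) dst=(\S+) dport=(\d+) event=(open|close)$")

def parse_line(line):
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # unrecognised record: skipped rather than guessed at
    ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ts, m.group(2), m.group(3), int(m.group(4)), m.group(5)

def detect_session_exhaustion(lines, window_seconds=60, open_threshold=10, max_outstanding=5):
    """Return {source_ip: reason} for sources opening sessions too fast or never releasing them."""
    recent_opens = defaultdict(deque)  # src -> open timestamps inside the sliding window
    outstanding = defaultdict(int)     # src -> opens not yet matched by a close
    alerts = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, src, dst, dport, event = rec
        if dst != PLC_IP or dport != PLC_PROG_PORT:
            continue  # only traffic to the PLC programming interface matters here
        if event == "close":
            outstanding[src] = max(0, outstanding[src] - 1)
            continue
        outstanding[src] += 1
        q = recent_opens[src]
        q.append(ts)
        while q and (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()  # drop opens that fell out of the window
        if len(q) > open_threshold:
            alerts.setdefault(src, f"{len(q)} opens within {window_seconds}s")
        elif outstanding[src] > max_outstanding:
            alerts.setdefault(src, f"{outstanding[src]} sessions left open")
    return alerts

# Constructed sample: workstation .7 opens and closes one session; source .9
# opens eight sessions in 14 seconds and never closes any of them.
SAMPLE_LOG = [
    "2025-09-24T00:01:00Z src=10.10.30.7 dst=10.10.20.5 dport=9999 event=open",
    "2025-09-24T00:05:00Z src=10.10.30.7 dst=10.10.20.5 dport=9999 event=close",
] + [f"2025-09-24T00:02:{i:02d}Z src=10.10.30.9 dst=10.10.20.5 dport=9999 event=open"
     for i in range(0, 16, 2)]
```

The unreleased-session counter is the check that matches CWE-404 most directly: a source that opens sessions without ever closing them is flagged even when its rate stays below the burst threshold.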


Technical Details

Data Version: 5.1
Assigner Short Name: icscert
Date Reserved: 2025-09-16T20:09:26.651Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68d336ac712f26b964ce8e52

Added to database: 9/24/2025, 12:09:16 AM

Last enriched: 10/1/2025, 12:48:29 AM

Last updated: 10/7/2025, 1:41:05 PM
