CVE-2025-61977

AutomationDirect Productivity Suite Weak Password Recovery Mechanism for Forgotten Password

CVSS 7.3 HIGHEPSS 0.1%CWE-640

A weak password recovery mechanism for forgotten password vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an attacker to decrypt an encrypted project by answering just one recovery question.

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

AutomationDirect · Productivity 1000 P1-540 CPU AutomationDirect · Productivity 1000 P1-550 CPU AutomationDirect · Productivity 2000 P2-550 CPU AutomationDirect · Productivity 2000 P2-622 CPU AutomationDirect · Productivity 3000 P3-530 CPU AutomationDirect · Productivity 3000 P3-550E CPU AutomationDirect · Productivity 3000 P3-622 CPU AutomationDirect · Productivity Suite

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-296-01.json https://support.automationdirect.com/docs/securityconsiderations.pdf https://www.automationdirect.com/support/software-downloads https://www.cisa.gov/news-events/ics-advisories/icsa-25-296-01