CVE-2025-58078

AutomationDirect Productivity Suite Relative Path Traversal

CVSS 8.3 HIGHEPSS 0.6%CWE-23

A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and write files with arbitrary data on the target machine.

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:L/SA:L

Productos afectados

AutomationDirect · Productivity 1000 P1-540 CPU AutomationDirect · Productivity 1000 P1-550 CPU AutomationDirect · Productivity 2000 P2-550 CPU AutomationDirect · Productivity 2000 P2-622 CPU AutomationDirect · Productivity 3000 P3-530 CPU AutomationDirect · Productivity 3000 P3-550E CPU AutomationDirect · Productivity 3000 P3-622 CPU AutomationDirect · Productivity Suite

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-296-01.json https://support.automationdirect.com/docs/securityconsiderations.pdf https://www.automationdirect.com/support/software-downloads https://www.cisa.gov/news-events/ics-advisories/icsa-25-296-01