CVE-2025-62498

AutomationDirect Productivity Suite Relative Path Traversal

CVSS 8.6 HIGHEPSS 0.5%CWE-23

A relative path traversal (ZipSlip) vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an attacker who can tamper with a productivity project to execute arbitrary code on the machine where the project is opened.

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Productos afectados

AutomationDirect · Productivity 1000 P1-540 CPU AutomationDirect · Productivity 1000 P1-550 CPU AutomationDirect · Productivity 2000 P2-550 CPU AutomationDirect · Productivity 2000 P2-622 CPU AutomationDirect · Productivity 3000 P3-530 CPU AutomationDirect · Productivity 3000 P3-550E CPU AutomationDirect · Productivity 3000 P3-622 CPU AutomationDirect · Productivity Suite

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-296-01.json https://www.automationdirect.com/support/software-downloads https://www.cisa.gov/news-events/ics-advisories/icsa-25-296-01