CVE-2025-58429
8.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:L/SA:L
Summary
A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary files on the target machine.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| AutomationDirect | Productivity Suite | 0 <= SW V4.2.1.9 | affected |
| AutomationDirect | Productivity 3000 P3-622 CPU | 0 <= SW V4.2.1.9 | affected |
| AutomationDirect | Productivity 3000 P3-550E CPU | 0 <= SW V4.2.1.9 | affected |
| AutomationDirect | Productivity 3000 P3-530 CPU | 0 <= SW v4.4.1.19 | affected |
| AutomationDirect | Productivity 2000 P2-622 CPU | 0 <= SW v4.4.1.19 | affected |
| AutomationDirect | Productivity 2000 P2-550 CPU | 0 <= SW v4.4.1.19 | affected |
| AutomationDirect | Productivity 1000 P1-550 CPU | 0 <= SW v4.4.1.19 | affected |
| AutomationDirect | Productivity 1000 P1-540 CPU | 0 < SW v4.4.1.19 | affected |
Weaknesses
- CWE-23: CWE-23
Workarounds
AutomationDirect has identified the following mitigations for instances where systems cannot be upgraded to the latest version:
- Physically disconnect the PLC from any external networks, including the internet, local area networks (LANs), and other interconnected systems.
- Configure network segmentation to isolate the PLC from other devices and systems within the organization.
- Implement firewall rules or network access control (NAC) policies to block incoming and outgoing traffic to the PLC.
- Please refer to AutomationDirect's security considerations https://support.automationdirect.com/docs/securityconsiderations.pdf for additional information.
- If you have any questions regarding this issue, please contact AutomationDirect Technical Support at 770-844-4200 or 800-633-0405 for further assistance.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-296-01
- https://www.automationdirect.com/support/software-downloads
- https://support.automationdirect.com/docs/securityconsiderations.pdf
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-296-01.json
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.