CVE-2026-61378

Summary

A divide-by-zero vulnerability in the Productivity Suite allows a local attacker to cause a division by zero leading to a system crash.

Affected Software

VendorProductVersion RangeStatus
AutomationDirectProductivity Suite0 <= v4.6.2.2affected
AutomationDirectProductivity Suitev4.7.0.47unaffected

Weaknesses

  • CWE-369: CWE-369

Workarounds

If the update cannot be applied right away, the following compensating controls are recommended until the upgrade can be performed.

  • Disconnect the engineering workstation from external networks (e.g., the internet or corporate LAN) to reduce exposure.
  • Use only trusted, dedicated internal networks or air-gapped systems for device communication.
  • Restrict both physical and logical access to authorized personnel only.
  • Configure whitelisting so that only trusted, pre-approved applications are allowed to run. Block any unauthorized software.
  • Use antivirus or EDR tools and configure host-based firewalls to block unauthorized access attempts.
  • Enable and regularly review system logs to detect suspicious or unauthorized activity.
  • Maintain secure, tested backups of the PLC and its configurations to minimize downtime in case of an incident.
  • Continuously evaluate risks associated with running outdated firmware and adjust compensating measures accordingly.

References