← volver
CVE-2025-61977

AutomationDirect Productivity Suite Weak Password Recovery Mechanism for Forgotten Password

CVSS 7.3 HIGHEPSS 0.1%CWE-640
A weak password recovery mechanism for forgotten password vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an attacker to decrypt an encrypted project by answering just one recovery question.
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Productos afectados
AutomationDirect · Productivity 1000 P1-540 CPUAutomationDirect · Productivity 1000 P1-550 CPUAutomationDirect · Productivity 2000 P2-550 CPUAutomationDirect · Productivity 2000 P2-622 CPUAutomationDirect · Productivity 3000 P3-530 CPUAutomationDirect · Productivity 3000 P3-550E CPUAutomationDirect · Productivity 3000 P3-622 CPUAutomationDirect · Productivity Suite

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-296-01.jsonhttps://support.automationdirect.com/docs/securityconsiderations.pdfhttps://www.automationdirect.com/support/software-downloadshttps://www.cisa.gov/news-events/ics-advisories/icsa-25-296-01