← voltar
CVE-2025-58456

AutomationDirect Productivity Suite Relative Path Traversal

CVSS 8.2 HIGHEPSS 0.6%CWE-23
A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read arbitrary files on the target machine.
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N
Produtos afetados
AutomationDirect · Productivity 1000 P1-540 CPUAutomationDirect · Productivity 1000 P1-550 CPUAutomationDirect · Productivity 2000 P2-550 CPUAutomationDirect · Productivity 2000 P2-622 CPUAutomationDirect · Productivity 3000 P3-530 CPUAutomationDirect · Productivity 3000 P3-550E CPUAutomationDirect · Productivity 3000 P3-622 CPUAutomationDirect · Productivity Suite

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-296-01.jsonhttps://support.automationdirect.com/docs/securityconsiderations.pdfhttps://www.automationdirect.com/support/software-downloadshttps://www.cisa.gov/news-events/ics-advisories/icsa-25-296-01