CVE-2025-58429

HIGH

Productivity Suite <4.4.1.19 - Path Traversal

Title source: llm

Description

A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary files on the target machine.

References (4)

[Various Sources] https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-296-01.json

View Writeup ZIP pw:eip

[Various Sources] https://support.automationdirect.com/docs/securityconsiderations.pdf

[Various Sources] https://www.automationdirect.com/support/software-downloads

[Third Party Advisory, US Government Resource] https://www.cisa.gov/news-events/ics-advisories/icsa-25-296-01

Scores

CVSS v3 7.5

EPSS 0.0058

EPSS Percentile 69.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-23

Status published

Products (8)

AutomationDirect/Productivity 1000 P1-540 CPU < SW v4.4.1.19

AutomationDirect/Productivity 1000 P1-550 CPU < SW v4.4.1.19

AutomationDirect/Productivity 2000 P2-550 CPU < SW v4.4.1.19

AutomationDirect/Productivity 2000 P2-622 CPU < SW v4.4.1.19

AutomationDirect/Productivity 3000 P3-530 CPU < SW v4.4.1.19

AutomationDirect/Productivity 3000 P3-550E CPU < SW V4.2.1.9

AutomationDirect/Productivity 3000 P3-622 CPU < SW V4.2.1.9

AutomationDirect/Productivity Suite < SW V4.2.1.9

Published Oct 23, 2025

Tracked Since Feb 18, 2026