CVE-2025-58429

HIGH

Productivity Suite <4.4.1.19 - Path Traversal

Title source: llm

Description

A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary files on the target machine.

References (4)

[Various Sources] https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-296-01.json

View Writeup ZIP pw:eip

[Various Sources] https://support.automationdirect.com/docs/securityconsiderations.pdf

[Various Sources] https://www.automationdirect.com/support/software-downloads

[Third Party Advisory, US Government Resource] https://www.cisa.gov/news-events/ics-advisories/icsa-25-296-01

Scores

CVSS v3 7.5

EPSS 0.0122

EPSS Percentile 78.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H

Classification

CWE

CWE-23

Status draft

Timeline

Published Oct 23, 2025

Tracked Since Feb 18, 2026