CVE-2025-58456

MEDIUM

Productivity Suite <4.4.1.19 - Path Traversal

Title source: llm

Description

A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read arbitrary files on the target machine.

References (4)

[Various Sources] https://www.automationdirect.com/support/software-downloads

[Various Sources] https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-296-01.json

View Writeup ZIP pw:eip

[Various Sources] https://support.automationdirect.com/docs/securityconsiderations.pdf

[Third Party Advisory, US Government Resource] https://www.cisa.gov/news-events/ics-advisories/icsa-25-296-01

Scores

CVSS v3 6.8

EPSS 0.0010

EPSS Percentile 26.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

Classification

CWE

CWE-23

Status draft

Timeline

Published Oct 23, 2025

Tracked Since Feb 18, 2026