CVE-2025-59776

MEDIUM

Productivity Suite <4.4.1.19 - Path Traversal

Title source: llm

Description

A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and create arbitrary directories on the target machine.

References (4)

[Various Sources] https://support.automationdirect.com/docs/securityconsiderations.pdf

[Various Sources] https://www.automationdirect.com/support/software-downloads

[Various Sources] https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-296-01.json

View Writeup ZIP pw:eip

[Third Party Advisory, US Government Resource] https://www.cisa.gov/news-events/ics-advisories/icsa-25-296-01

Scores

CVSS v3 4.0

EPSS 0.0011

EPSS Percentile 30.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

Classification

CWE

CWE-23

Status draft

Timeline

Published Oct 23, 2025

Tracked Since Feb 18, 2026