CVE-2025-60023
Published 2025-10-23
Priority P4 · 27 · medium · 4 (CVSS 3.1)
AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
EPSS: 0.46% (36.9th percentile)
A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary directories on the target machine.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| automationdirect | productivity_1000_p1-540_cpu | < SW v4.4.1.19 | SW v4.4.1.19 |
| automationdirect | productivity_1000_p1-550_cpu | <= SW v4.4.1.19 | — |
| automationdirect | productivity_2000_p2-550_cpu | <= SW v4.4.1.19 | — |
| automationdirect | productivity_2000_p2-622_cpu | <= SW v4.4.1.19 | — |
| automationdirect | productivity_3000_p3-530_cpu | <= SW v4.4.1.19 | — |
| automationdirect | productivity_3000_p3-550e_cpu | <= SW V4.2.1.9 | — |
| automationdirect | productivity_3000_p3-622_cpu | <= SW V4.2.1.9 | — |
| automationdirect | productivity_suite | <= SW V4.2.1.9 | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.0 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N |
| nvd | v4.0 | 6.3 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
CISA ICS
AutomationDirect Productivity Suite
cisa_ics·2025-10-23·CVSS 8.8
[HIGH] AutomationDirect Productivity Suite
ICS Advisory
## AutomationDirect Productivity Suite
Release Date: October 23, 2025
Alert Code: ICSA-25-296-01
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
## 1. EXECUTIVE SUMMARY
- CVSS v4 9.3
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: AutomationDirect
- Equipment: Productivity Suite
- Vulnerabilities: Relative Path Traversal, Weak Password Recovery Mechanism for Forgotten Password, Incorrect Permission Assignment for Critical Resource, Binding to an Unrestricted IP Address
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could enable an attacker to execute arbitrary code, disclose information, gain full-control access to projects, or obtain read and write access
GHSA
GHSA-x2hr-hc3f-wj3x: A relative path traversal vulnerability was discovered in Productivity Suite software version 4
ghsa_unreviewed·2025-10-24
CVE-2025-60023 [MEDIUM] CWE-23 GHSA-x2hr-hc3f-wj3x: A relative path traversal vulnerability was discovered in Productivity Suite software version 4
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.