AutomationDirect Productivity Suite
- <= 4.4.1.19
A relative path traversal vulnerability has been identified in AutomationDirect Productivity Suite version 4.4.1.19 and prior. This vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and write files with arbitrary data on the target machine.
Exploitation of this vulnerability could enable an attacker to execute arbitrary code on the machine where the affected project is opened.
Users are advised to update the Productivity Suite programming software to version 4.5.0.x or higher. For instances where systems cannot be upgraded, AutomationDirect recommends physically disconnecting the PLC from any external networks, configuring network segmentation to isolate the PLC from other devices, and implementing firewall rules or network access control policies to block traffic to the PLC.
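The advisory does not describe the simulator's protocol or file handling, so the following is an added example, not AutomationDirect's code: it shows the relative path traversal class named above as a vulnerable join beside a containment check, for a hypothetical service that writes client-named files under a base directory. The function names, the `projects` directory and the sample names are assumptions constructed for the illustration.

```python
import os
import tempfile
from pathlib import Path, PureWindowsPath

def unsafe_target(base: Path, client_name: str) -> Path:
    # Vulnerable pattern: the client-supplied name is joined and normalised,
    # but nothing checks that the result is still under `base`.
    return Path(os.path.normpath(base / client_name))

def safe_target(base: Path, client_name: str) -> Path:
    # Treat both separators alike so "..\\x" is not taken for a plain file name.
    name = client_name.replace("\\", "/")
    if not name or name.startswith("/") or PureWindowsPath(name).drive:
        raise ValueError("empty or absolute name")
    if ".." in name.split("/"):
        raise ValueError("parent-directory component")
    root = base.resolve()
    candidate = (root / name).resolve()  # resolve() also follows symlinks
    try:
        candidate.relative_to(root)      # containment check on the final path
    except ValueError:
        raise ValueError("resolves outside base directory") from None
    return candidate

def classify(base: Path, names):
    # Map each requested name to "accepted" or the rejection reason.
    verdicts = {}
    for n in names:
        try:
            safe_target(base, n)
            verdicts[n] = "accepted"
        except ValueError as exc:
            verdicts[n] = f"rejected: {exc}"
    return verdicts

# Constructed sample names (hypothetical), not taken from any real traffic.
SAMPLE_NAMES = ["project1/main.dat", "../outside.txt", "..\\..\\outside.txt",
                "/etc/outside.txt", "C:\\outside.txt", "a/../../outside.txt"]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "projects"
        base.mkdir()
        print("unsafe join lands at:", unsafe_target(base, "../outside.txt"))
        for name, verdict in classify(base, SAMPLE_NAMES).items():
            print(f"{name!r}: {verdict}")
```

The check on the resolved path is what catches a symlink inside the base directory that points elsewhere; the component checks alone would not.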