AutomationDirect Productivity Suite Relative Path Traversal Vulnerability

Vulnerability

A relative path traversal vulnerability has been identified in AutomationDirect Productivity Suite version 4.4.1.19 and prior. This vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read arbitrary files on the target machine.

Impact

Exploitation of this vulnerability could enable an attacker to read arbitrary files on the affected machine, potentially leading to unauthorized information disclosure.

Remediation

Users are advised to update the Productivity Suite programming software to version 4.5.0.x or higher. Where systems cannot be upgraded, AutomationDirect recommends physically disconnecting the PLC from any external networks, configuring network segmentation to isolate the PLC from other devices and systems, and implementing firewall rules or network access control policies to block traffic to and from the PLC. Additional information can be found in AutomationDirect's security considerations document.

Added: Oct 23, 2025, 10:25 PM
Updated: Oct 23, 2025, 10:25 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 6.2
remediation: 0.0
relevance: 0.8
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.