AutomationDirect Productivity Suite
- <= 4.4.1.19
A vulnerability allowing interaction with the ProductivityService PLC simulator has been identified in AutomationDirect Productivity Suite version 4.4.1.19 and prior. The flaw, a binding to an unrestricted IP address, enables an unauthenticated remote attacker to read, write, or delete arbitrary files and folders on the target machine.
Exploitation of this vulnerability could lead to unauthorized file manipulation, allowing for the reading, writing, or deletion of files and directories on the affected system.
Users are advised to update the Productivity Suite software to version 4.5.0.x or higher. For instances where systems cannot be upgraded, AutomationDirect recommends physically disconnecting the PLC from external networks, configuring network segmentation to isolate the PLC, and implementing firewall rules or network access control policies to block traffic to the PLC. Additional guidance can be found in AutomationDirect's security considerations document.
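To confirm exposure on an engineering workstation before and after applying these mitigations, the following added example (not AutomationDirect's code or tooling) tests a version string against the affected range stated above and scans `netstat -ano` output for non-loopback listeners owned by the simulator's process. The PID, port numbers and sample output are constructed; this advisory does not state the service's port, and mapping a PID to ProductivityService is left to the operator.

```python
import ipaddress

LAST_AFFECTED = (4, 4, 1, 19)  # from the advisory: 4.4.1.19 and prior

def is_affected(version: str) -> bool:
    """True when a dotted numeric Productivity Suite version is <= 4.4.1.19."""
    parts = tuple(int(p) for p in version.split("."))
    parts += (0,) * (4 - len(parts))  # pad short versions such as "4.4"
    return parts[:4] <= LAST_AFFECTED

def split_endpoint(endpoint: str):
    """Split netstat's 'addr:port' or '[v6addr]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and any zone id
    return ipaddress.ip_address(host), int(port)

def exposed_listeners(netstat_text: str, pids: set):
    """Return (address, port, pid, scope) for LISTENING TCP sockets owned by
    `pids` that are reachable from off-host (i.e. not loopback-only)."""
    findings = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP" or f[3] != "LISTENING":
            continue  # header, UDP, or non-listening rows
        pid = int(f[4])
        if pid not in pids:
            continue
        addr, port = split_endpoint(f[1])
        if addr.is_loopback:
            continue  # bound to 127.0.0.1 / ::1 only
        scope = "all-interfaces" if addr.is_unspecified else "single-interface"
        findings.append((str(addr), port, pid, scope))
    return findings

# Constructed `netstat -ano` sample; PID 4312 stands in for the simulator
# process (an assumption) and every port number here is made up.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1044
  TCP    0.0.0.0:50100          0.0.0.0:0              LISTENING       4312
  TCP    127.0.0.1:50101        0.0.0.0:0              LISTENING       4312
  TCP    [::]:50100             [::]:0                 LISTENING       4312
  TCP    192.168.10.5:50102     192.168.10.9:49822     ESTABLISHED     4312
"""

if __name__ == "__main__":
    print(is_affected("4.4.1.19"), is_affected("4.5.0.1"))
    for finding in exposed_listeners(SAMPLE, {4312}):
        print(finding)
```

Any `all-interfaces` finding on an affected version is a listener that the firewall or segmentation rules need to cover until the upgrade is applied.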