PatchSiren cyber security CVE debrief
CVE-2025-58078 AutomationDirect CVE debrief
CVE-2025-58078 is a high-severity issue in AutomationDirect Productivity Suite 4.4.1.19. CISA’s advisory says an unauthenticated remote attacker can use a relative path traversal weakness to interact with the ProductivityService PLC simulator and write arbitrary data files on the target machine. AutomationDirect’s stated fix is to upgrade Productivity Suite to 4.5.0.x or later, and to apply PLC firmware updates and network isolation controls where upgrading is not immediately possible.
- Vendor: AutomationDirect
- Product: Productivity Suite
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-10-23
- Original CVE updated: 2025-10-23
- Advisory published: 2025-10-23
- Advisory updated: 2025-10-23
Who should care
Organizations running AutomationDirect Productivity Suite, especially OT/ICS teams, plant engineers, and administrators responsible for PLC simulators or connected Productivity PLC environments. Any deployment exposed to untrusted networks or lacking strong segmentation should treat this as urgent.
Technical summary
The advisory describes a relative path traversal vulnerability in Productivity Suite version 4.4.1.19. Because the attack is unauthenticated and remote, a network-adjacent or internet-reachable exposure could let an attacker reach the ProductivityService PLC simulator and write files containing arbitrary data on the target machine. The source advisory recommends updating Productivity Suite to version 4.5.0.x or higher, updating PLC firmware, and using isolation measures such as physical disconnection, segmentation, and firewall/NAC controls if upgrades cannot be completed immediately.
Defensive priority
High. The issue is remotely reachable, requires no authentication, and affects an OT/ICS product where even limited file-write impact can have operational consequences. Prioritize patching or isolation before normal maintenance cycles if the product is reachable from broader networks.
Recommended defensive actions
- Upgrade AutomationDirect Productivity Suite to version 4.5.0.x or higher.
- Update the firmware of Productivity PLCs to the latest available version.
- If you cannot upgrade immediately, physically disconnect the PLC from external networks where feasible.
- Segment the PLC network to isolate it from other organizational systems.
- Use firewall rules or NAC policies to block inbound and outbound traffic to the PLC.
- Review AutomationDirect security considerations and validate whether ProductivityService exposure exists in your environment.
- Confirm whether any affected Productivity Suite installations are version 4.4.1.19 and prioritize them for remediation.
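The last action above, sketched as a triage script. This is an added example, not code from CISA, AutomationDirect or this page. The inventory columns, hostnames and the priority ordering are assumptions; only the two version values come from the advisory text.

```python
import csv
import io

AFFECTED = (4, 4, 1, 19)   # version named in the advisory
FIXED_MIN = (4, 5, 0)      # "4.5.0.x or higher"

# Constructed sample inventory; hostnames and column names are assumptions.
SAMPLE_INVENTORY = """host,suite_version,segmented
eng-ws-01,4.4.1.19,no
eng-ws-02,4.4.1.19,yes
eng-ws-03,4.5.0.3,no
eng-ws-04,4.3.2.1,no
eng-ws-05,unknown,yes
"""

def parse_version(text):
    """Return a tuple of ints, or None if the string is not dotted-numeric."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(version_text, segmented):
    """Map one install to (priority, status); lower number means act first."""
    version = parse_version(version_text)
    if version is None:
        return 2, "unknown version: verify manually"
    # Pad short strings such as "4.5" so they compare as 4.5.0.
    if (version + (0, 0, 0))[:3] >= FIXED_MIN:
        return 4, "at or above 4.5.0.x"
    if version == AFFECTED:
        if segmented:
            return 1, "affected: upgrade"
        return 0, "affected and not segmented: upgrade or isolate now"
    # The page names only 4.4.1.19; older builds need vendor confirmation.
    return 3, "below 4.5.0.x, not named in advisory: confirm with vendor"

def triage(inventory_csv):
    """Return (priority, host, version, status) rows, most urgent first."""
    rows = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        segmented = row["segmented"].strip().lower() == "yes"
        priority, status = classify(row["suite_version"], segmented)
        rows.append((priority, row["host"], row["suite_version"], status))
    return sorted(rows)

if __name__ == "__main__":
    for priority, host, version, status in triage(SAMPLE_INVENTORY):
        print(f"P{priority} {host:10} {version:10} {status}")
```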
Evidence notes
All substantive claims are taken from the supplied CISA CSAF advisory for ICSA-25-296-01 / CVE-2025-58078, published and modified on 2025-10-23. The advisory states the vulnerability affects Productivity Suite 4.4.1.19, allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and write files with arbitrary data, and recommends updating to Productivity Suite 4.5.0.x or higher plus network isolation mitigations. The supplied enrichment also indicates this CVE is not in CISA KEV.
Official resources
- CVE-2025-58078 CVE record (CVE.org)
- CVE-2025-58078 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Publicly disclosed by CISA in advisory ICSA-25-296-01 on 2025-10-23. The supplied timeline shows the CVE published and modified on the same date. No CISA KEV listing is indicated in the supplied enrichment.