PatchSiren cyber security CVE debrief
CVE-2025-58456 AutomationDirect CVE debrief
CVE-2025-58456 is a relative path traversal vulnerability in AutomationDirect Productivity Suite version 4.4.1.19. According to the CISA advisory, an unauthenticated remote attacker may be able to interact with the ProductivityService PLC simulator and read arbitrary files on the target machine. AutomationDirect and CISA recommend upgrading to Productivity Suite 4.5.0.x or later and applying network isolation and access-control mitigations where upgrading is not immediately possible.
- Vendor: AutomationDirect
- Product: Productivity Suite
- CVSS: MEDIUM 6.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-10-23
- Original CVE updated: 2025-10-23
- Advisory published: 2025-10-23
- Advisory updated: 2025-10-23
Who should care
Organizations using AutomationDirect Productivity Suite 4.4.1.19, especially engineering workstations and OT environments that expose the ProductivityService PLC simulator or connect to Productivity PLCs. Asset owners responsible for PLCs, HMIs, SCADA, and segmented industrial networks should review exposure promptly.
Technical summary
The advisory describes a relative path traversal flaw affecting Productivity Suite 4.4.1.19. The reported impact is unauthenticated, remote interaction with the ProductivityService PLC simulator and arbitrary file reads on the target machine. The published CVSS v3.1 vector is AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N, corresponding to a medium severity score of 6.8. The source corpus does not indicate code execution, integrity impact, or denial-of-service impact for this issue.
Defensive priority
Medium-high for exposed OT/engineering environments. While the published severity is medium, the combination of unauthenticated remote access and arbitrary file read can expose sensitive configuration, credentials, or engineering data if the simulator or related services are reachable.
Recommended defensive actions
- Update Productivity Suite programming software to version 4.5.0.x or higher.
- Update Productivity PLC firmware to the latest version from AutomationDirect.
- If immediate upgrade is not possible, physically disconnect the PLC from external networks, including the internet, LANs, and interconnected systems.
- Segment the network so the PLC is isolated from other devices and systems.
- Apply firewall rules or NAC policies to block inbound and outbound traffic to the PLC.
- Review AutomationDirect's security considerations and perform a network security assessment for the affected deployment.
- Contact AutomationDirect Technical Support if clarification or assistance is needed.
Evidence notes
All substantive claims are taken from the CISA CSAF advisory source item for ICSA-25-296-01 and the associated CVE record metadata provided in the corpus. The advisory states the affected version as 4.4.1.19, describes the issue as a relative path traversal vulnerability, and lists the mitigation to update to version 4.5.0.x or higher. The corpus also provides the CVSS v3.1 vector AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N and identifies the issue as public as of 2025-10-23. No exploit code, weaponized reproduction steps, or additional impact claims are included here.
Official resources
- CVE-2025-58456 CVE record (CVE.org)
- CVE-2025-58456 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Publicly disclosed by CISA and reflected in the CVE record on 2025-10-23. The source corpus does not list this issue in CISA's Known Exploited Vulnerabilities catalog, and no ransomware-campaign association is provided.