PatchSiren cyber security CVE debrief
CVE-2025-59776 AutomationDirect CVE debrief
CVE-2025-59776 is a relative path traversal vulnerability in AutomationDirect Productivity Suite version 4.4.1.19. According to the CISA CSAF advisory, an unauthenticated remote attacker may interact with the ProductivityService PLC simulator and create arbitrary directories on the target machine. AutomationDirect advises updating Productivity Suite to version 4.5.0.x or later and applying additional network segmentation and access-control mitigations where upgrades are not immediately possible.
- Vendor: AutomationDirect
- Product: Productivity Suite
- CVSS: MEDIUM 4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-10-23
- Original CVE updated: 2025-10-23
- Advisory published: 2025-10-23
- Advisory updated: 2025-10-23
Who should care
AutomationDirect Productivity Suite users, especially OT/ICS administrators, engineers, and security teams managing PLC simulation or programming workstations. Environments exposing the software or related PLC services to broader networks should prioritize review.
Technical summary
The advisory describes a relative path traversal issue in Productivity Suite 4.4.1.19. The impact stated in the source is limited to unauthenticated remote interaction with the ProductivityService PLC simulator and arbitrary directory creation on the target machine. The CVSS vector used by the advisory indicates a network attack vector with low integrity impact and no confidentiality or availability impact.
Defensive priority
Medium. The issue is remotely reachable and unauthenticated, but the published severity is medium and the documented impact is limited to integrity-related effects. Patch planning should still be prompt for any exposed or shared OT engineering systems.
Recommended defensive actions
- Update AutomationDirect Productivity Suite to version 4.5.0.x or higher.
- Update Productivity PLC firmware to the latest version, using AutomationDirect's software download resources.
- If upgrading is not immediately possible, physically disconnect affected PLCs from external networks where feasible.
- Isolate PLCs with network segmentation to reduce exposure.
- Implement firewall or NAC rules to restrict traffic to and from the PLC environment.
- Review AutomationDirect's security considerations and perform a network security analysis appropriate to the deployment.
- Contact AutomationDirect Technical Support if clarification or assistance is needed.
Evidence notes
All substantive claims here are drawn from the CISA CSAF advisory for ICSA-25-296-01 and the supplied CVE metadata. The advisory text states the vulnerability is present in Productivity Suite 4.4.1.19, affects the ProductivityService PLC simulator, and allows arbitrary directory creation by an unauthenticated remote attacker. Remediation guidance in the source specifies upgrading to Productivity Suite 4.5.0.x or higher and applying network/physical isolation measures when upgrading is not possible. Published and modified timestamps supplied with the CVE and source both indicate 2025-10-23T06:00:00Z.
Official resources
- CVE-2025-59776 CVE record (CVE.org)
- CVE-2025-59776 NVD detail (NVD)
- Source item URL (cisa_csaf)
Publicly disclosed in CISA's advisory ICSA-25-296-01 on 2025-10-23. The supplied source corpus does not indicate KEV listing or confirmed active exploitation.