PatchSiren cyber security CVE debrief
CVE-2025-60023 AutomationDirect CVE debrief
CVE-2025-60023 is a medium-severity issue in AutomationDirect Productivity Suite version 4.4.1.19. CISA reports that a relative path traversal vulnerability can let an unauthenticated remote attacker interact with the ProductivityService PLC simulator and delete arbitrary directories on the target machine. The vendor advises upgrading Productivity Suite to version 4.5.0.x or later, and isolating PLC systems when upgrades are not possible.
- Vendor: AutomationDirect
- Product: Productivity Suite
- CVSS: MEDIUM 4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-10-23
- Original CVE updated: 2025-10-23
- Advisory published: 2025-10-23
- Advisory updated: 2025-10-23
Who should care
Organizations using AutomationDirect Productivity Suite 4.4.1.19, especially engineering workstations or OT environments that expose the ProductivityService PLC simulator. PLC operators, industrial control system administrators, and security teams responsible for network segmentation and workstation hardening should treat this as relevant.
Technical summary
The advisory describes a relative path traversal weakness in Productivity Suite 4.4.1.19. Because the issue is reachable by an unauthenticated remote attacker, it may allow interaction with the ProductivityService PLC simulator outside intended path boundaries and result in arbitrary directory deletion on the target machine. The published CVSS vector indicates that the issue is exploitable over the network with no privileges or user interaction required, and that integrity impact is limited to low in the advisory's scoring.
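The weakness class named above, shown from the defensive side as an added example. It is not AutomationDirect code and is not taken from the advisory, which publishes no implementation details. The function names and the `projects` root layout are hypothetical, and the directories are constructed in a temporary folder.

```python
import os
import shutil
import tempfile
from pathlib import Path

class UnsafePath(ValueError):
    """Requested directory resolves outside the allowed root."""

def naive_target(root: Path, requested: str) -> Path:
    # Weak pattern: join and normalise, no containment check afterwards.
    return Path(os.path.normpath(os.path.join(root, requested)))

def safe_target(root: Path, requested: str) -> Path:
    root_real = root.resolve(strict=True)
    # resolve() collapses ".." and follows symlinks before the comparison.
    candidate = (root_real / requested).resolve()
    # Compare path components, not string prefixes ("projects-old" is a sibling).
    if root_real not in candidate.parents:
        raise UnsafePath(f"outside allowed root: {requested!r}")
    return candidate

def delete_project_dir(root: Path, requested: str) -> bool:
    target = safe_target(root, requested)  # raises before anything is touched
    if not target.is_dir():
        return False
    shutil.rmtree(target)
    return True

def demo() -> dict:
    # Constructed layout inside a throwaway temp directory.
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp).resolve()
        root = base / "projects"
        for d in (root / "sim1", base / "projects-old", base / "other"):
            d.mkdir(parents=True)
        attempts = ["../other", "../projects-old", "sim1/../../other", str(base / "other"), "."]
        rejected = []
        for name in attempts:
            try:
                delete_project_dir(root, name)
                rejected.append(False)
            except UnsafePath:
                rejected.append(True)
        return {
            "naive_escapes": naive_target(root, "../other") == base / "other",
            "rejected": rejected,
            "legit_deleted": delete_project_dir(root, "sim1"),
            "survivors": sorted(p.name for p in base.iterdir()),
        }
```

The same containment check belongs in front of any file operation that takes a caller-supplied path, and the root itself (`.`) is rejected so a request cannot remove the whole working area.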
Defensive priority
Medium. The issue is publicly disclosed and remotely reachable, but the reported impact is limited to directory deletion and simulator interaction rather than full compromise. Prioritize remediation for any exposed or operationally sensitive installations, especially where engineering workstations or PLC management systems are reachable from broader networks.
Recommended defensive actions
- Update Productivity Suite to version 4.5.0.x or higher, per vendor guidance.
- Update Productivity PLC firmware to the latest version from AutomationDirect.
- If upgrading is not possible, physically disconnect the PLC from external networks, including the internet and LANs.
- Segment the network so the PLC is isolated from other systems.
- Apply firewall rules or NAC policies to block incoming and outgoing traffic to the PLC.
- Review AutomationDirect security considerations and perform a network security analysis for the deployment environment.
Evidence notes
All impact and remediation statements above are drawn from the CISA CSAF advisory for ICSA-25-296-01 / CVE-2025-60023 and its listed remediation guidance. The advisory states the affected software version as 4.4.1.19 and recommends upgrading to 4.5.0.x or later. Timing context uses the advisory/CVE publication date of 2025-10-23 as provided in the source corpus.
Official resources
- CVE-2025-60023 CVE record (CVE.org)
- CVE-2025-60023 NVD detail (NVD)
- Source item URL (cisa_csaf)
Publicly disclosed by CISA in ICS Advisory ICSA-25-296-01 on 2025-10-23; CVE publication and modification dates are the same in the supplied source corpus.