PatchSiren cyber security CVE debrief
CVE-2025-61934 AutomationDirect CVE debrief
CVE-2025-61934 is a critical AutomationDirect Productivity Suite issue disclosed on 2025-10-23. According to the CISA/AutomationDirect advisory, version 4.4.1.19 can bind to an unrestricted IP address, allowing an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read, write, or delete arbitrary files and folders on the target machine. CISA rates the issue 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
- Vendor: AutomationDirect
- Product: Productivity Suite
- CVSS: CRITICAL 10
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-10-23
- Original CVE updated: 2025-10-23
- Advisory published: 2025-10-23
- Advisory updated: 2025-10-23
Who should care
OT/ICS defenders, AutomationDirect customers, plant engineers, and administrators responsible for Productivity Suite installs, PLC simulators, and connected Productivity PLC environments should treat this as urgent.
Technical summary
The advisory describes a network-reachable service in Productivity Suite 4.4.1.19 that is bound to an unrestricted IP address. That exposure permits unauthenticated remote access to ProductivityService PLC simulator functions, with potential arbitrary file and folder read/write/delete actions on the host. The vendor remediation is to upgrade Productivity Suite programming software to 4.5.0.x or higher and update Productivity PLC firmware to the latest version; if upgrade is not possible, AutomationDirect recommends physically disconnecting PLCs from external networks, segmenting them, and enforcing firewall or NAC controls.
Defensive priority
Immediate / critical. This is unauthenticated, network-reachable, and scored at CVSS 10.0 with high impacts to confidentiality, integrity, and availability.
Recommended defensive actions
- Upgrade Productivity Suite programming software to version 4.5.0.x or higher.
- Update the firmware of Productivity PLCs to the latest version.
- Restrict exposure by physically disconnecting affected PLCs from external networks where feasible.
- Segment PLCs from other systems and networks.
- Apply firewall rules or NAC policies to block unnecessary inbound and outbound traffic to the PLC.
- Review AutomationDirect security considerations and validate the security posture of any Productivity Suite deployments.
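One way to check an engineering workstation for the exposure described in the technical summary, as an added example that is not from the advisory or from AutomationDirect: it parses Windows `netstat -ano` output and reports sockets bound to all interfaces (0.0.0.0 or [::]). The sample output, ports, PIDs and the `ProductivityService.exe` image name are constructed assumptions; the advisory does not give a port or an executable name.

```python
import ipaddress

# Constructed sample of Windows `netstat -ano` output; PIDs and ports are made up.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1040
  TCP    0.0.0.0:49700          0.0.0.0:0              LISTENING       6120
  TCP    127.0.0.1:49701        0.0.0.0:0              LISTENING       6120
  TCP    192.168.10.5:49702     192.168.10.9:50211     ESTABLISHED     6120
  TCP    [::]:49700             [::]:0                 LISTENING       6120
  UDP    0.0.0.0:49710          *:*                                    6120
"""
# Constructed PID-to-image map, e.g. built from `tasklist /fo csv`.
# The image name is an assumption; confirm the real one on your install.
SAMPLE_PIDS = {1040: "svchost.exe", 6120: "ProductivityService.exe"}


def bind_scope(host):
    """Classify a local bind address as wildcard, loopback or specific."""
    ip = ipaddress.ip_address(host.strip("[]"))
    if ip.is_unspecified:
        return "wildcard"
    return "loopback" if ip.is_loopback else "specific"


def exposed_listeners(netstat_text, pid_names, name_filter=""):
    """Return (proto, port, pid, image) for sockets bound to 0.0.0.0 or [::]."""
    findings = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # banner, header or blank line
        if f[0] == "TCP" and (len(f) != 5 or f[3] != "LISTENING"):
            continue  # established or closing TCP connections are not listeners
        host, _, port = f[1].rpartition(":")
        pid = int(f[-1])  # UDP rows have no State column, so PID is always last
        image = pid_names.get(pid, "unknown")
        if bind_scope(host) == "wildcard" and name_filter.lower() in image.lower():
            findings.append((f[0], int(port), pid, image))
    return findings


if __name__ == "__main__":
    for proto, port, pid, image in exposed_listeners(SAMPLE_NETSTAT, SAMPLE_PIDS, "productivity"):
        print(f"{proto} port {port} bound to all interfaces by {image} (pid {pid})")
```

A wildcard bind is only reachable remotely if host and network firewalls allow it, so pair any finding with a review of the inbound rules for that port.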
Evidence notes
All claims above are drawn from the supplied CISA CSAF advisory and associated official references. The advisory explicitly states the affected version (4.4.1.19), the unauthenticated remote attack path, the PLC simulator interaction, and arbitrary file/folder read, write, and delete impact. The supplied record also includes the vendor remediation guidance and the CVSS 3.1 vector used by CISA.
Official resources
- CVE-2025-61934 CVE record (CVE.org)
- CVE-2025-61934 NVD detail (NVD)
- Source item URL (cisa_csaf)
Publicly disclosed by CISA and AutomationDirect on 2025-10-23; not listed as a KEV item in the supplied enrichment.