PatchSiren cyber security CVE debrief
CVE-2025-61977 AutomationDirect CVE debrief
CVE-2025-61977 is a high-severity weakness in AutomationDirect Productivity Suite version 4.4.1.19. CISA describes it as a weak password recovery mechanism for forgotten passwords that can allow an attacker to decrypt an encrypted project by answering a single recovery question. The supplied advisory was published on 2025-10-23 and the enrichment does not list this CVE in CISA KEV.
- Vendor: AutomationDirect
- Product: Productivity Suite
- CVSS: HIGH 7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-10-23
- Original CVE updated: 2025-10-23
- Advisory published: 2025-10-23
- Advisory updated: 2025-10-23
Who should care
OT engineers, control-system administrators, and security teams using AutomationDirect Productivity Suite, especially in environments that manage encrypted projects or connected Productivity PLC, HMI, or SCADA systems.
Technical summary
The issue is a weak forgotten-password recovery flow in Productivity Suite 4.4.1.19. According to the CISA CSAF advisory, an attacker can recover access to an encrypted project by answering just one recovery question. The advisory’s CVSS vector is AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating a local attack with low privileges and no user interaction, with potential high impact to confidentiality, integrity, and availability. CISA recommends updating the programming software to version 4.5.0.x or higher.
Defensive priority
High. The issue affects project confidentiality and can be addressed with a vendor update; the advisory also provides containment steps if upgrading is not immediately possible.
Recommended defensive actions
- Update Productivity Suite programming software to version 4.5.0.x or higher.
- Update the firmware of Productivity PLCs to the latest version using AutomationDirect's software download resources.
- If systems cannot be upgraded, physically disconnect the PLC from external networks, including the internet, LANs, and other interconnected systems.
- Segment the network to isolate the PLC from other devices and systems.
- Use firewall rules or network access control policies to block incoming and outgoing traffic to the PLC.
- Review AutomationDirect's security considerations and perform a network security analysis for the specific deployment.
Evidence notes
This debrief is based on the CISA CSAF advisory ICSA-25-296-01 and the associated CVE record for CVE-2025-61977. The source description explicitly states that Productivity Suite version 4.4.1.19 has a weak password recovery mechanism that can enable decryption of an encrypted project by answering one recovery question. The advisory also includes the CVSS vector AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H and remediation guidance to upgrade to Productivity Suite 4.5.0.x or higher. The supplied enrichment marks the issue as not listed in CISA KEV.
Official resources
- CVE-2025-61977 CVE record (CVE.org)
- CVE-2025-61977 NVD detail (NVD)
- Source item URL (cisa_csaf)
Publicly disclosed in CISA CSAF advisory ICSA-25-296-01 and the CVE record on 2025-10-23. The supplied enrichment does not list CVE-2025-61977 in CISA KEV.