These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2025-67652 is a medium-severity credential exposure issue in AutomationDirect CLICK Programmable Logic Controller environments. According to CISA’s advisory, an attacker who can access the project file may recover exposed credentials and use them to impersonate users, escalate privileges, or gain unauthorized access to systems and services. AutomationDirect recommends updating CLICK PLUS firmware to V [truncated]
CVE-2025-25051 is a Medium-severity industrial control systems issue affecting AutomationDirect CLICK Programmable Logic Controller products. According to the CISA advisory, an attacker could decrypt sensitive data, impersonate legitimate users or devices, and potentially reach network resources for lateral movement. The published CVSS 3.1 vector indicates local access with low privileges and no user inte [truncated]
CISA published advisory ICSA-25-296-01 on 2025-10-23 for CVE-2025-62688 in AutomationDirect Productivity Suite. The issue is an incorrect permission assignment in version 4.4.1.19 that can allow a low-privileged attacker to change their role and gain full control access to the project. AutomationDirect’s published remediation is to update Productivity Suite to 4.5.0.x or higher, and to apply OT network ha [truncated]
CVE-2025-62498 is a high-severity ZipSlip-style relative path traversal issue in AutomationDirect Productivity Suite version 4.4.1.19. According to CISA’s advisory, an attacker who can tamper with a productivity project may be able to execute arbitrary code on the machine where the project is opened. The primary remediation is to move to Productivity Suite 4.5.0.x or higher and apply vendor guidance for c [truncated]
CVE-2025-61977 is a high-severity weakness in AutomationDirect Productivity Suite version 4.4.1.19. CISA describes it as a weak password recovery mechanism for forgotten passwords that can allow an attacker to decrypt an encrypted project by answering a single recovery question. The supplied advisory was published on 2025-10-23 and the enrichment does not list this CVE in CISA KEV.
CVE-2025-61934 is a critical AutomationDirect Productivity Suite issue disclosed on 2025-10-23. According to the CISA/AutomationDirect advisory, version 4.4.1.19 can bind to an unrestricted IP address, allowing an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read, write, or delete arbitrary files and folders on the target machine. CISA rates the issue 10.0 (CV [truncated]
CVE-2025-60023 is a medium-severity issue in AutomationDirect Productivity Suite version 4.4.1.19. CISA reports that a relative path traversal vulnerability can let an unauthenticated remote attacker interact with the ProductivityService PLC simulator and delete arbitrary directories on the target machine. The vendor advises upgrading Productivity Suite to version 4.5.0.x or later, and isolating PLC syste [truncated]
CVE-2025-59776 is a relative path traversal vulnerability in AutomationDirect Productivity Suite version 4.4.1.19. According to the CISA CSAF advisory, an unauthenticated remote attacker may interact with the ProductivityService PLC simulator and create arbitrary directories on the target machine. AutomationDirect advises updating Productivity Suite to version 4.5.0.x or later and applying additional netw [truncated]
CVE-2025-58456 is a relative path traversal vulnerability in AutomationDirect Productivity Suite version 4.4.1.19. According to the CISA advisory, an unauthenticated remote attacker may be able to interact with the ProductivityService PLC simulator and read arbitrary files on the target machine. AutomationDirect and CISA recommend upgrading to Productivity Suite 4.5.0.x or later and applying network isola [truncated]
CVE-2025-58429 is a high-severity issue in AutomationDirect Productivity Suite version 4.4.1.19. According to the CISA CSAF advisory published on 2025-10-23, a relative path traversal vulnerability may allow an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary files on the target machine. AutomationDirect recommends upgrading Productivity Suite to [truncated]
CVE-2025-58078 is a high-severity issue in AutomationDirect Productivity Suite 4.4.1.19. CISA’s advisory says an unauthenticated remote attacker can use a relative path traversal weakness to interact with the ProductivityService PLC simulator and write arbitrary data files on the target machine. AutomationDirect’s stated fix is to upgrade Productivity Suite to 4.5.0.x or later, and to apply PLC firmware u [truncated]
CVE-2025-59484 affects AutomationDirect CLICK PLUS PLC firmware, where firmware version 3.60 uses an insecure implementation of RSA. CISA published the advisory on 2025-09-23 with a HIGH CVSS score of 8.3. The vendor recommends upgrading to firmware V3.80; until then, limit exposure and apply defensive controls appropriate for industrial control environments.
CVE-2025-58473 is a medium-severity denial-of-service issue affecting AutomationDirect CLICK PLUS firmware 3.60 on the C2-03CPU-2 device. According to the CISA CSAF advisory published on 2025-09-23, an unauthenticated attacker can exhaust available Click Programming Software device sessions, disrupting availability. AutomationDirect recommends updating to firmware V3.80 and using compensating controls unt [truncated]
CISA published ICSA-25-266-01 on 2025-09-23 for CVE-2025-58069. The advisory says AutomationDirect CLICK PLUS PLC firmware version 3.60 contains a hard-coded AES key used to protect the initial messages of a new KOPS session. AutomationDirect recommends updating affected CLICK PLUS CPU firmware lines to V3.80 and, until that can be done, applying compensating controls such as network isolation, trusted in [truncated]
CVE-2025-55069 is a high-severity issue in AutomationDirect CLICK PLUS PLC firmware version 3.60. CISA’s advisory says the device uses a predictable seed for its pseudo-random number generator, which can compromise the security of generated private keys. The vendor recommends upgrading to firmware V3.80 and applying compensating controls if immediate patching is not possible. CISA published the advisory o [truncated]
CVE-2025-54855 is a medium-severity credential exposure issue in AutomationDirect CLICK PLUS. CISA’s advisory states that Click Programming Software v3.60 can store sensitive information in clear text, allowing a local user with file-system access to steal credentials while an administrator session is active. AutomationDirect recommends updating CLICK PLUS and related firmware to V3.80.
CVE-2025-36535 is a critical flaw in AutomationDirect MB-Gateway where the embedded webserver lacks authentication and access controls. According to CISA’s advisory published on 2025-05-20, remote users may gain unrestricted access and potentially change configuration, disrupt operations, or trigger more severe impact depending on the exposed functionality and environment.
CVE-2025-0960 is a critical vulnerability in AutomationDirect C-more EA9 HMI products. The advisory says a function’s bounds checks can be skipped, which could let an attacker cause denial of service or achieve remote code execution on affected devices. CISA published the advisory ICSA-25-035-08 on 2025-02-04, and the supplied remediation guidance directs users to update C-MORE EA9 HMI software and firmware to v6.80.
A file parsing memory corruption vulnerability in AutomationDirect C-More EA9 Programming Software allows remote code execution through crafted file processing. The vulnerability stems from unsafe data handling during file parsing operations, enabling memory corruption that can be exploited to execute arbitrary code on the target system. This affects C-More EA9 Programming Software versions 6.78 and earli [truncated]
A file parsing memory corruption vulnerability in AutomationDirect C-More EA9 Programming Software (versions ≤6.78) allows remote code execution through unsafe handling of file data during parsing. The vulnerability was disclosed on December 5, 2024, with a CVSS 3.1 score of 7.8 (HIGH). Exploitation requires local attack vector with user interaction, but successful exploitation grants high impact across c [truncated]
A stack-based buffer overflow vulnerability in AutomationDirect C-More EA9 Programming Software allows remote code execution through malicious file parsing. The flaw exists in versions 6.78 and earlier, where improper input validation during file processing can lead to arbitrary code execution with the privileges of the running application. This vulnerability requires local access with user interaction, a [truncated]
CVE-2024-45368 is a HIGH severity (CVSS 8.8) authentication bypass vulnerability affecting the AutomationDirect DirectLogic H2-DM1E programmable logic controller (PLC) running firmware version 2.8.0 and earlier. The vulnerability stems from an anomaly in the PLC's authentication protocol implementation, which accepts multiple distinct packets as valid authentication responses rather than enforcing a singl [truncated]
CVE-2024-43099 is a HIGH severity (CVSS 8.8) session hijacking vulnerability in the AutomationDirect DirectLogic H2-DM1E PLC, published by CISA on September 12, 2024. The vulnerability exists in the application layer session management mechanism that maintains authenticated sessions between a host PC and the PLC. An attacker who captures the session key can inject traffic into an ongoing authenticated ses [truncated]
A critical stack-based buffer overflow vulnerability exists in the Programming Software Connection FileSelect functionality of AutomationDirect Productivity PLCs. The vulnerability, published on 2024-05-23, affects multiple CPU models across the Productivity 3000, 2000, and 1000 series running specific firmware and software versions. An unauthenticated attacker can trigger this vulnerability by sending a [truncated]
A critical stack-based buffer overflow vulnerability exists in the Programming Software Connection FileSelect functionality of AutomationDirect Productivity PLCs. The vulnerability, published on 2024-05-23, allows unauthenticated remote attackers to trigger stack-based buffer overflow conditions via specially crafted network packets. This affects multiple Productivity series CPUs across firmware versions [truncated]
A null-byte write vulnerability in the Programming Software Connection FileSystem API of AutomationDirect Productivity PLCs allows remote attackers to cause heap-based memory corruption via specially crafted network packets. The vulnerability affects multiple CPU models across the Productivity 3000, 2000, and 1000 series running specific firmware and software versions. With a CVSS 3.1 score of 8.2 (HIGH), [truncated]
A null-byte write vulnerability in the Programming Software Connection FileSystem API of AutomationDirect Productivity PLCs allows remote attackers to cause heap-based memory corruption via specially crafted network packets. The vulnerability affects multiple Productivity series CPUs across firmware and software versions, with a CVSS 3.1 score of 8.2 (HIGH). The issue was disclosed by CISA on May 23, 2024 [truncated]
A null-byte write vulnerability in the Programming Software Connection FileSystem API of AutomationDirect Productivity PLCs allows remote attackers to cause heap-based memory corruption via specially crafted network packets. The vulnerability affects multiple Productivity series CPUs across firmware and software versions, with a CVSS 3.1 score of 8.2 (HIGH severity). The issue was disclosed by CISA on May [truncated]
A null-byte write vulnerability in the Programming Software Connection FileSystem API of AutomationDirect Productivity PLCs allows remote attackers to cause heap-based memory corruption via specially crafted network packets. The vulnerability affects multiple Productivity series CPUs across firmware and software versions, with a CVSS 3.1 score of 8.2 (HIGH severity). The attack vector is network-based wit [truncated]
A null-byte write vulnerability in the Programming Software Connection FileSystem API of AutomationDirect Productivity PLCs allows remote attackers to cause heap-based memory corruption via specially crafted network packets. The vulnerability affects multiple CPU models across the Productivity 3000, 2000, and 1000 series running specific firmware and software versions. With a CVSS 3.1 score of 8.2 (HIGH), [truncated]
A null-byte write vulnerability in the Programming Software Connection FileSystem API of AutomationDirect Productivity PLCs allows remote attackers to cause heap-based memory corruption via specially crafted network packets. The vulnerability affects multiple CPU models across the Productivity 1000, 2000, and 3000 series running specific firmware and software versions. With a CVSS 3.1 score of 8.2 (High), [truncated]
CVE-2024-24947 is a high-severity buffer overflow vulnerability in AutomationDirect Productivity PLCs, specifically affecting the Programming Software Connection CurrDir functionality in the P3-550E CPU running firmware version 1.2.10.9. Published on May 23, 2024, this vulnerability allows unauthenticated remote attackers to trigger a denial of service condition by sending specially crafted network packet [truncated]
A buffer overflow vulnerability exists in the Programming Software Connection CurrDir functionality of AutomationDirect Productivity PLCs. The flaw allows unauthenticated remote attackers to trigger a denial of service condition by sending specially crafted network packets. The vulnerability affects multiple Productivity series CPUs across firmware versions 1.2.10.9 and 1.2.10.10, as well as Productivity [truncated]
A heap-based buffer overflow vulnerability exists in the Programming Software Connection FiBurn functionality of AutomationDirect Productivity PLCs. The vulnerability can be triggered by an unauthenticated attacker sending a specially crafted network packet, leading to a buffer overflow condition. This affects multiple Productivity PLC product lines including the P3-550E, P3-550, P3-530, P2-550, P1-550, a [truncated]
A critical code injection vulnerability in AutomationDirect Productivity PLCs allows arbitrary code execution through malicious scan_lib.bin files. The vulnerability affects multiple Productivity series CPUs across firmware and software versions, with a CVSS 3.1 score of 9.8 indicating network-exploitable, unauthenticated remote code execution. The issue was disclosed on May 23, 2024 via CISA ICS advisory [truncated]
A read-what-where vulnerability in AutomationDirect Productivity PLCs allows unauthenticated remote attackers to disclose sensitive information via specially crafted network packets targeting the Programming Software Connection IMM 01A1 Memory Read functionality. The vulnerability affects multiple Productivity series CPUs across firmware and software versions, with a CVSS 3.1 score of 7.5 (HIGH). Publishe [truncated]
A critical write-what-where vulnerability exists in the Programming Software Connection Remote Memory Diagnostics functionality of AutomationDirect Productivity PLCs. The vulnerability allows unauthenticated remote attackers to achieve arbitrary memory writes via specially crafted network packets. This vulnerability affects multiple Productivity series CPUs across the P3-550E, P3-550, P3-530, P2-550, P1-5 [truncated]
A critical vulnerability (CVSS 9.8) in AutomationDirect Productivity PLCs stems from leftover debug code in the Telnet Diagnostic Interface, enabling unauthorized network access via specially crafted requests. Published 2024-05-23, this flaw affects multiple Productivity series CPUs across firmware and software versions. The vendor has released updated software (version 4.2.0.x or higher) and firmware pat [truncated]