CVE-2025-58429
📋 TL;DR
An unauthenticated remote attacker can exploit a relative path traversal vulnerability in Productivity Suite software to delete arbitrary files on the target system. This affects users of Productivity Suite version 4.4.1.19, particularly those using the ProductivityService PLC simulator component.
💻 Affected Systems
- Productivity Suite
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise through deletion of critical system files, configuration files, or security software, leading to system instability, data loss, or service disruption.
Likely Case
Targeted deletion of application files, configuration files, or user data causing application malfunction, data loss, or operational disruption.
If Mitigated
Limited impact with proper network segmentation and access controls preventing unauthenticated access to the vulnerable service.
🎯 Exploit Status
Exploitation requires network access to the ProductivityService. No authentication is required to trigger the vulnerability.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for latest patched version
Vendor Advisory: https://www.automationdirect.com/support/software-downloads
Restart Required: Yes
Instructions:
1. Check vendor advisory for latest patched version
2. Download updated software from vendor site
3. Install update following vendor instructions
4. Restart system and verify service is running correctly
🔧 Temporary Workarounds
Network Segmentation
Restrict network access to ProductivityService to only trusted hosts (Windows)
Windows Firewall (PowerShell): New-NetFirewallRule -DisplayName 'Block ProductivityService' -Direction Inbound -Program 'C:\Program Files\Productivity Suite\ProductivityService.exe' -Action Block
Service Disablement
Disable ProductivityService PLC simulator if not required (Windows)
sc.exe stop ProductivityService
sc.exe config ProductivityService start= disabled
🧯 If You Can't Patch
- Implement strict network access controls to block all external access to the ProductivityService port
- Monitor file deletion events in system logs and alert on suspicious patterns
🔍 How to Verify
Check if Vulnerable:
Check if Productivity Suite version 4.4.1.19 is installed and ProductivityService is running and accessible on the network.
Check Version:
Check application about dialog or installed programs list for version information
Verify Fix Applied:
Verify installed version is newer than 4.4.1.19 and test that file deletion via relative path traversal is no longer possible.
📡 Detection & Monitoring
Log Indicators:
- File deletion events in Windows Event Logs (Security/System)
- ProductivityService error logs showing path traversal attempts
- Unexpected service restarts or crashes
Network Indicators:
- Unusual network connections to ProductivityService port
- Multiple file deletion requests from a single source
SIEM Query:
EventID=4663 OR EventID=4656 | where ObjectName contains '..' OR ObjectName contains '../' | where ProcessName contains 'ProductivityService'
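
The query above matches a literal `..` in ObjectName, but Windows typically records the already-resolved path there, so a traversal-driven deletion can show up as an ordinary path outside the application directory. As an added example (not from the original page or the vendor), this Python check flags DELETE access by ProductivityService outside an allowed root and collapses `..` before comparing. It assumes events are exported as dictionaries with the 4663 field names, that the install directory from the firewall rule above is the only legitimate deletion root, and the sample events are constructed.

```python
import ntpath

DELETE = 0x10000  # DELETE access right as it appears in the 4663 AccessMask
SERVICE_IMAGE = "productivityservice.exe"
# Assumption: the only directory the service should delete from is its install
# directory (path taken from the firewall rule on this page). Tune per site.
ALLOWED_ROOTS = (r"C:\Program Files\Productivity Suite",)
SVC = r"C:\Program Files\Productivity Suite\ProductivityService.exe"

# Constructed sample events shaped like Security event 4663; not real logs.
SAMPLE_EVENTS = [
    {"EventID": 4663, "ProcessName": SVC, "AccessMask": "0x10000",
     "ObjectName": r"C:\Program Files\Productivity Suite\temp\sim.tmp"},
    {"EventID": 4663, "ProcessName": SVC, "AccessMask": "0x10000",
     "ObjectName": r"C:\Windows\System32\drivers\etc\hosts"},
    {"EventID": 4663, "ProcessName": SVC, "AccessMask": "0x10000",
     "ObjectName": r"C:\Program Files\Productivity Suite\temp\..\..\..\Users\Public\notes.txt"},
    {"EventID": 4663, "ProcessName": r"C:\Windows\explorer.exe", "AccessMask": "0x10000",
     "ObjectName": r"C:\Users\Public\old.txt"},
    {"EventID": 4663, "ProcessName": SVC, "AccessMask": "0x1",
     "ObjectName": r"C:\Windows\win.ini"},
]


def is_under(path, root):
    """True if path, after collapsing '..' and case, lies inside root."""
    path = ntpath.normcase(ntpath.normpath(path))
    root = ntpath.normcase(ntpath.normpath(root))
    return path == root or path.startswith(root + "\\")


def suspicious_deletes(events, allowed_roots=ALLOWED_ROOTS):
    """Return resolved paths the service opened with DELETE outside allowed roots."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 4663:
            continue
        if ntpath.basename(ev.get("ProcessName", "")).lower() != SERVICE_IMAGE:
            continue
        if not int(ev.get("AccessMask", "0"), 16) & DELETE:
            continue
        target = ev.get("ObjectName", "")
        if not any(is_under(target, root) for root in allowed_roots):
            hits.append(ntpath.normpath(target))
    return hits


if __name__ == "__main__":
    for path in suspicious_deletes(SAMPLE_EVENTS):
        print("ALERT: ProductivityService DELETE access on", path)
```

Event 4663 is only generated when object access auditing is enabled and the watched directories carry an audit entry (SACL) for delete operations.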