CVE-2025-60023
📋 TL;DR
A relative path traversal vulnerability in Productivity Suite software version 4.4.1.19 allows unauthenticated remote attackers to delete arbitrary directories via the ProductivityService PLC simulator. This affects organizations using AutomationDirect's Productivity Suite software for industrial control systems. The vulnerability requires network access to the affected service.
💻 Affected Systems
- AutomationDirect Productivity Suite
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Critical system directories could be deleted, causing system instability, data loss, or disruption of industrial processes controlled by the PLC simulator.
Likely Case
Attackers delete application directories or configuration files, disrupting Productivity Suite functionality and requiring system restoration.
If Mitigated
With proper network segmentation and access controls, impact is limited to isolated systems with minimal operational disruption.
🎯 Exploit Status
The vulnerability allows unauthenticated directory deletion via path traversal. No authentication is required, which makes exploitation straightforward for attackers with network access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Update to latest version from AutomationDirect
Vendor Advisory: https://www.cisa.gov/news-events/ics-advisories/icsa-25-296-01
Restart Required: Yes
Instructions:
1. Download latest Productivity Suite from AutomationDirect support site.
2. Install update following vendor instructions.
3. Restart system to ensure service updates apply.
🔧 Temporary Workarounds
Network Segmentation
Restrict network access to ProductivityService to trusted hosts only (all platforms)
Configure firewall rules to block port 7890/tcp from untrusted networks
Service Disablement
Disable ProductivityService if PLC simulation is not required (Windows)
sc stop ProductivityService
sc config ProductivityService start= disabled
🧯 If You Can't Patch
- Implement strict network segmentation to isolate Productivity Suite systems
- Monitor for unauthorized directory deletion attempts and implement file integrity monitoring
🔍 How to Verify
Check if Vulnerable:
Check if Productivity Suite version 4.4.1.19 is installed and ProductivityService is running on port 7890
Check Version:
Check Productivity Suite About dialog or installed programs list
Verify Fix Applied:
Verify Productivity Suite version is updated beyond 4.4.1.19 and test directory deletion attempts fail
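The workaround and verification checks above, combined into one read-only PowerShell audit. This is an added example, not AutomationDirect's or this page's own script; it assumes the Windows service name ProductivityService and port 7890 given on this page, and it changes nothing on the host.

```powershell
# Added example, not vendor code. Service name and port come from this page.
function Test-ProductivityServiceExposure {
    param(
        [string]$ServiceName = 'ProductivityService',
        [int]$Port = 7890
    )
    $findings = @()

    # 1. Is the service present, and will it come back after a reboot?
    $svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
    if (-not $svc) { return "[ok] $ServiceName is not installed on this host" }
    $findings += "[info] $ServiceName state=$($svc.State) startmode=$($svc.StartMode)"
    if ($svc.StartMode -ne 'Disabled') {
        $findings += "[warn] service is not disabled; it can start again"
    }

    # 2. Is anything listening on the port, and on which addresses?
    $listeners = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue
    foreach ($l in $listeners) {
        $name = (Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue).ProcessName
        $loopback = $l.LocalAddress -in '127.0.0.1', '::1'
        $level = if ($loopback) { 'info' } else { 'warn' }
        $scope = if ($loopback) { 'loopback only' } else { 'network reachable' }
        $findings += "[$level] $name listening on $($l.LocalAddress):$Port ($scope)"
    }
    if (-not $listeners) { $findings += "[ok] nothing is listening on ${Port}/tcp" }

    # 3. Enabled inbound allow rules that name the port explicitly.
    #    Port ranges and program-scoped rules (LocalPort = Any) are not evaluated here.
    $rules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True
    foreach ($r in $rules) {
        $pf = $r | Get-NetFirewallPortFilter
        if ($pf.Protocol -ne 'TCP' -or "$Port" -notin @($pf.LocalPort)) { continue }
        $remote = @(($r | Get-NetFirewallAddressFilter).RemoteAddress) -join ','
        $level = if ($remote -eq 'Any') { 'warn' } else { 'info' }
        $findings += "[$level] allow rule '$($r.DisplayName)' permits ${Port}/tcp from: $remote"
    }
    $findings
}

Test-ProductivityServiceExposure
```

Because Windows Firewall block rules take precedence over allow rules, restricting the port to trusted hosts means scoping the allow rule's remote addresses rather than adding a blanket block; any `[warn]` line for an allow rule with remote address `Any` is the one to tighten.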
📡 Detection & Monitoring
Log Indicators:
- Unexpected directory deletion events in system logs
- ProductivityService access from unauthorized IP addresses
Network Indicators:
- Traffic to port 7890/tcp from untrusted sources
- Unusual file deletion patterns via network monitoring
SIEM Query:
source="ProductivityService" AND (event="delete" OR event="remove")