CNNVD-202510-3190 Information

Oct 23, 2025 cve

CNNVD ID

CNNVD-202510-3190

CVE-2025-59776

CNNVD Published: 2025-10-23

Description (Chinese)

AutomationDirect Productivity Suite是美国AutomationDirect公司的一款可编程逻辑控制器编程软件。 AutomationDirect Productivity Suite 4.4.1.19版本存在安全漏洞，该漏洞源于远程攻击者可通过ProductivityService PLC模拟器进行相对路径遍历，可能在目标机器上创建任意目录。

Description (English)

Automation Direct Production Suite is a programmable logical controller programming software for Automation Direct. There is a security loophole in version 4.4.1.19 of Autonomy Direct Production System, which stems from the fact that long-range assailants can go through relative paths through the Production Service PLC simulator, possibly creating a random directory on the target machine.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

AutomationDirect

Published

2025-10-23

Last Modified

2026-02-24

References

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-296-01.json https://support.automationdirect.com/docs/securityconsiderations.pdf https://www.automationdirect.com/support/software-downloads https://www.cisa.gov/news-events/ics-advisories/icsa-25-296-01

Patch

https://www.productivitysuite.com/

Share on: