CNNVD-202510-3191 Information
CNNVD ID
CNNVD-202510-3191
Related CVE
- CNNVD Published: 2025-10-23
Description (Chinese)
AutomationDirect Productivity Suite是美国AutomationDirect公司的一款可编程逻辑控制器编程软件。 AutomationDirect Productivity Suite v4.4.1.19版本存在授权问题漏洞,该漏洞源于密码恢复机制薄弱,攻击者仅需回答一个恢复问题即可解密加密项目。
Description (English)
Automation Direct Production Suite is a programmable logical controller programming software for Automation Direct. There is a mandate gap in version (Automation Direct Production Suite v.4.4.1.19), which stems from weak password restoration mechanisms and the fact that the assailant can decrypt the encryption project by answering only one of the restoration questions.
Hazard Level
Medium
Vulnerability Type
授权问题
Affected Vendor
AutomationDirect
Published
2025-10-23
Last Modified
2026-02-24
References
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-296-01.json https://support.automationdirect.com/docs/securityconsiderations.pdf https://www.automationdirect.com/support/software-downloads https://www.cisa.gov/news-events/ics-advisories/icsa-25-296-01
Patch
https://www.productivitysuite.com/
Share on: