CVE-2025-61934 | A binding to an unrestricted IP address vulnerability was di… | CVSS 10.0 CRITICAL

Description

A binding to an unrestricted IP address vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read, write, or delete arbitrary files and folders on the target machine

Metadata

CVE ID: CVE-2025-61934
State: PUBLISHED
Assigner: icscert
Reserved: 2025-10-21 21:55 UTC
Published: 2025-10-23 22:01 UTC
Last updated: 2025-10-24 14:31 UTC
Primary CWE: CWE-1327
CWE-1327
Vendor / Product: AutomationDirect / Productivity Suite
Sources: cve.org · NVD

Severity & Metrics

10.0 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

SSVC — CISA Coordinator

Exploitation: none
Automatable: yes
Tech. Impact: total

Affected products (8)

Vendor	Product	Platform	Versions
AutomationDirect	Productivity 1000 P1-540 CPU	—	0 < SW v4.4.1.19
AutomationDirect	Productivity 1000 P1-550 CPU	—	0 ≤ SW v4.4.1.19
AutomationDirect	Productivity 2000 P2-550 CPU	—	0 ≤ SW v4.4.1.19
AutomationDirect	Productivity 2000 P2-622 CPU	—	0 ≤ SW v4.4.1.19
AutomationDirect	Productivity 3000 P3-530 CPU	—	0 ≤ SW v4.4.1.19
AutomationDirect	Productivity 3000 P3-550E CPU	—	0 ≤ SW V4.2.1.9
AutomationDirect	Productivity 3000 P3-622 CPU	—	0 ≤ SW V4.2.1.9
AutomationDirect	Productivity Suite	—	0 ≤ SW V4.2.1.9

Weakness (CWE)

CWE	Source	Description
CWE-1327	cna	CWE-1327

CVSS scores (2)

Score	Severity	Version	Source	Vector
10.0	CRITICAL	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.3	CRITICAL	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

References (4)