AutomationDirect Productivity Suite
Act Now | CVSS 10 | ICS-CERT ICSA-25-296-01 | Oct 23, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Multiple vulnerabilities (CWE-23 path traversal, CWE-640 improper restriction of rendered UI layers, CWE-732 incorrect permission assignment, CWE-1327 binding to all network interfaces) exist in AutomationDirect Productivity Suite programming software and Productivity PLC firmware through version 4.4.1.19. These vulnerabilities allow unauthenticated remote attackers to execute arbitrary code, access and modify automation project files, obtain sensitive information, and gain full control over affected systems. Exploitation requires only network access to the device or software; no credentials or user interaction are needed.
What this means
What could happen
An attacker could execute arbitrary code on your Productivity PLC or suite, allowing them to alter process logic, read sensitive automation project files, or disable the controller entirely. This could stop water treatment, electrical generation, or distribution processes depending on what the PLC controls.
Who's at risk
This advisory affects municipal water authorities, electric utilities, and any industrial facility running AutomationDirect Productivity automation equipment. Specifically: Productivity Suite programming software (all versions up to 4.4.1.19), and Productivity PLC controllers (P1-540/P1-550, P2-550/P2-622, P3-530/P3-550E/P3-622 CPUs) running firmware version 4.4.1.19 or older. The vulnerability impacts any organization using these controllers for process automation, water/wastewater treatment, power distribution, or other critical operations.
How it could be exploited
An attacker with network access to the Productivity Suite programming software or to a connected PLC (via LAN, internet, or engineering workstation) could send a malicious request that exploits path traversal, improper access control, or file permission weaknesses to execute code or access protected project files without authentication.
Prerequisites
- Network access to Productivity Suite software or connected Productivity PLC on port(s) used for programming/management (typically Ethernet)
- No authentication required for exploitation
- PLC or programming workstation must be reachable from attacker's network segment
- Remotely exploitable over network
- No authentication required
- Low attack complexity
- No patch available for current versions
- Affects operational technology and control systems
- CVSS 10.0 critical severity
- Can enable arbitrary code execution on PLCs
- Path traversal and improper file access control vulnerabilities
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (8)
1 with fix, 7 EOL

| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| Productivity 1000 P1-540 CPU | ≤ SW v4.4.1.19 | No fix (EOL) |
| Productivity Suite | ≤ v4.4.1.19 | 4.5.0.x or higher |
| Productivity 3000 P3-622 CPU | ≤ SW v4.4.1.19 | No fix (EOL) |
| Productivity 3000 P3-550E CPU | ≤ SW v4.4.1.19 | No fix (EOL) |
| Productivity 3000 P3-530 CPU | ≤ SW v4.4.1.19 | No fix (EOL) |
| Productivity 2000 P2-622 CPU | ≤ SW v4.4.1.19 | No fix (EOL) |
| Productivity 2000 P2-550 CPU | ≤ SW v4.4.1.19 | No fix (EOL) |
| Productivity 1000 P1-550 CPU | ≤ SW v4.4.1.19 | No fix (EOL) |
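
An added example (not part of the advisory or any AutomationDirect tooling) that triages an asset inventory against the version threshold and fix status listed above. The host names, sample versions and action labels are constructed for illustration; versions are compared as integer tuples because a plain string comparison would rank 4.4.1.9 above 4.4.1.19.

```python
import re

# Threshold and product names come from the affected-products list above.
LAST_AFFECTED = (4, 4, 1, 19)
SUITE = "Productivity Suite"
EOL_CPUS = {"P1-540", "P1-550", "P2-550", "P2-622", "P3-530", "P3-550E", "P3-622"}

def parse_version(text):
    """Return a 4-tuple from strings like 'SW v4.4.1.19', or None if unreadable."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", text or "")
    return tuple(int(p) for p in m.groups()) if m else None

def triage(product, version_text):
    """Classify one inventory entry; the action labels are hypothetical."""
    if product != SUITE and product not in EOL_CPUS:
        return "unrecognised-product"
    version = parse_version(version_text)
    if version is None:
        return "unknown-version"      # never treat an unreadable version as safe
    if version > LAST_AFFECTED:
        return "not-listed"           # newer than the affected range
    if product == SUITE:
        return "upgrade-suite"        # fix status: 4.5.0.x or higher
    return "isolate-eol"              # fix status: No fix (EOL), apply mitigations

# Constructed sample inventory: (host, product, reported version string).
INVENTORY = [
    ("eng-ws-01", "Productivity Suite", "v4.4.1.19"),
    ("eng-ws-02", "Productivity Suite", "4.5.0.2"),
    ("pump-plc-a", "P2-622", "SW v4.4.1.9"),
    ("pump-plc-b", "P3-550E", "SW_v4.3.0.7"),
    ("filter-plc", "P1-550", "unreadable"),
]

def triage_inventory(inventory):
    """Return (host, action) pairs for every inventory entry."""
    return [(host, triage(product, ver)) for host, product, ver in inventory]

if __name__ == "__main__":
    for host, action in triage_inventory(INVENTORY):
        print(f"{host:12} {action}")
```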
Remediation & Mitigation
Do now
- WORKAROUND: If immediate patching is not possible, physically disconnect affected PLCs from external networks (internet, LANs, and interconnected systems) until firmware can be updated
- HARDENING: Implement network segmentation to isolate affected Productivity PLCs from other devices and systems within your organization
- HARDENING: Configure firewall rules or network access control (NAC) policies to block all incoming and outgoing traffic to and from affected Productivity PLCs except from authorized engineering workstations
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update Productivity Suite programming software to version 4.5.0.x or higher
- HOTFIX: Update firmware on all Productivity PLCs (P1-540, P1-550, P2-550, P2-622, P3-530, P3-550E, P3-622) to the latest available version
Mitigations - no patch available
The following products have reached End of Life with no planned fix: Productivity 1000 P1-540 CPU (≤ SW v4.4.1.19), Productivity 3000 P3-622 CPU (≤ SW v4.4.1.19), Productivity 3000 P3-550E CPU (≤ SW v4.4.1.19), Productivity 3000 P3-530 CPU (≤ SW v4.4.1.19), Productivity 2000 P2-622 CPU (≤ SW v4.4.1.19), Productivity 2000 P2-550 CPU (≤ SW v4.4.1.19), Productivity 1000 P1-550 CPU (≤ SW v4.4.1.19). Apply the following compensating controls:
- HARDENING: Ensure Productivity PLCs are not accessible from the internet; place them behind firewalls and isolate them from business network segments
- HARDENING: If remote engineering access is required, restrict it to VPN connections from authorized workstations only; keep VPN software updated
- HARDENING: Conduct a network security analysis to determine the appropriate security posture for your automation control system and implement measures equivalent to business computer security standards
CVEs (9)