AutomationDirect Productivity Suite
Plan PatchCVSS 10ICS-CERT ICSA-25-296-01Oct 23, 2025
AutomationDirect
Attack path
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary
AutomationDirect Productivity Suite and Productivity PLC products (1000, 2000, and 3000 series) contain multiple vulnerabilities (CWE-23, CWE-640, CWE-732, CWE-1327) in versions through SW_v4.4.1.19 that allow arbitrary code execution, information disclosure, and unauthorized read/write access to project files and system resources. The vulnerabilities have a critical CVSS score of 10 with no authentication required and network-accessible attack vector.
What this means
What could happen
An attacker with network access to an affected Productivity PLC or Suite could execute arbitrary code on the controller, potentially altering process setpoints, halting production operations, stealing configuration data, or gaining full control over automation logic and connected devices.
Who's at risk
Water utilities, power generation facilities, wastewater treatment plants, and other critical infrastructure operators using AutomationDirect Productivity 1000, 2000, or 3000 series PLCs or the Productivity Suite programming software for SCADA, process automation, or equipment control should prioritize this issue. All versions through SW_v4.4.1.19 are affected.
How it could be exploited
An attacker sends a crafted network request to a Productivity PLC or connects to the Productivity Suite programming software without credentials, exploiting path traversal, access control, or code execution weaknesses to run commands on the controller or access sensitive project files.
Prerequisites
- Network access to the Productivity PLC on port 502 or the Productivity Suite application port
- No authentication required for initial exploitation
remotely exploitableno authentication requiredlow complexitycritical CVSS (10)affects multiple PLC platformsno patch available for most PLC models
Exploitability
Unlikely to be exploited — EPSS score 0.6%
Affected products (8)
1 with fix7 EOL
ProductAffected VersionsFix Status
Productivity 1000 P1-540 CPU: <=SW_v4.4.1.19≤ SW v4.4.1.19No fix (EOL)
Productivity Suite: <=v4.4.1.19≤ v4.4.1.194.5.0.x or higher
Productivity 3000 P3-622 CPU: <=SW_v4.4.1.19≤ SW v4.4.1.19No fix (EOL)
Productivity 3000 P3-550E CPU: <=SW_v4.4.1.19≤ SW v4.4.1.19No fix (EOL)
Productivity 3000 P3-530 CPU: <=SW_v4.4.1.19≤ SW v4.4.1.19No fix (EOL)
Productivity 2000 P2-622 CPU: <=SW_v4.4.1.19≤ SW v4.4.1.19No fix (EOL)
Productivity 2000 P2-550 CPU: <=SW_v4.4.1.19≤ SW v4.4.1.19No fix (EOL)
Productivity 1000 P1-550 CPU: <=SW_v4.4.1.19≤ SW v4.4.1.19No fix (EOL)
Remediation & Mitigation
0/5
Do now
0/2WORKAROUNDImplement firewall rules to block incoming and outgoing traffic to Productivity PLCs from untrusted networks
WORKAROUNDIf the PLC cannot be patched or segmented, physically disconnect it from external networks including LANs, and only connect when programming is required via offline USB or isolated connection
Schedule — requires maintenance window
0/2Patching may require device reboot — plan for process interruption
HOTFIXUpdate Productivity Suite programming software to version 4.5.0.x or higher
HOTFIXCheck AutomationDirect support downloads for latest firmware for Productivity 1000, 2000, and 3000 series CPUs and apply if available
Mitigations - no patch available
0/1The following products have reached End of Life with no planned fix: Productivity 1000 P1-540 CPU: <=SW_v4.4.1.19, Productivity 3000 P3-622 CPU: <=SW_v4.4.1.19, Productivity 3000 P3-550E CPU: <=SW_v4.4.1.19, Productivity 3000 P3-530 CPU: <=SW_v4.4.1.19, Productivity 2000 P2-622 CPU: <=SW_v4.4.1.19, Productivity 2000 P2-550 CPU: <=SW_v4.4.1.19, Productivity 1000 P1-550 CPU: <=SW_v4.4.1.19. Apply the following compensating controls:
HARDENINGIsolate Productivity PLC networks from business networks and the internet using network segmentation
CVEs (9)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/39baf257-37f6-48e5-a729-e52e8b690585Get OT security insights every Tuesday
Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.