CVE-2025-58078

Sažetak

A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and write files with arbitrary data on the target machine.

Reference

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-296-01.json
https://support.automationdirect.com/docs/securityconsiderations.pdf
https://www.automationdirect.com/support/software-downloads
https://www.cisa.gov/news-events/ics-advisories/icsa-25-296-01

CVSS

Base:	7.5
Impact:	4.7
Exploitability:	2.2

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	LOW	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H

Zadnje važnije ažuriranje

23-10-2025 - 22:15

Objavljeno

23-10-2025 - 22:15