Skip to main content

Productivity Suite CVE-2026-57896

| EUVDEUVD-2026-45035 MEDIUM
Out-of-bounds Read (CWE-125)
2026-07-16 icscert GHSA-g349-wjvj-vxpr
6.9
CVSS 4.0 · Vendor: icscert
Share

Severity by source

Vendor (icscert) PRIMARY
6.9 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
6.1 MEDIUM

Local IOCTL access requires a low-privilege account (AV:L, PR:L); read-only overrun causes disruption (A:H) but no write primitive means no integrity impact (I:N).

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (icscert).

CVSS VectorVendor: icscert

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
CVSS changed
Jul 16, 2026 - 21:22 NVD
6.1 (MEDIUM) 6.9 (MEDIUM)
Analysis Generated
Jul 16, 2026 - 20:46 vuln.today

DescriptionCVE.org

An out-of-bounds read vulnerability in the Productivity Suite allows a local attacker to trigger kernel memory corruption by sending a crafted IOCTL request. This could lead to limited information disclosure or disruption of the affected product.

AnalysisAI

Out-of-bounds read in AutomationDirect Productivity Suite enables a local low-privileged attacker to corrupt kernel memory by submitting a crafted IOCTL request, resulting in high availability impact (system or application disruption) and limited kernel memory disclosure. The vulnerability affects all documented versions per the CPE wildcard and was reported by ICS-CERT, placing it squarely in the operational technology threat landscape where availability is mission-critical. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain local user account on engineering workstation
Delivery
Open handle to Productivity Suite kernel driver device object
Exploit
Send crafted IOCTL request with malformed buffer
Execution
Trigger out-of-bounds read in kernel space
Persist
Corrupt kernel memory
Impact
Crash system or disclose kernel memory contents

Vulnerability AssessmentAI

Exploitation Exploitation requires a valid local user account on the Windows workstation running AutomationDirect Productivity Suite - the CVSS PR:L vector confirms low-privilege OS credentials are sufficient, with no administrative rights needed. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 score of 6.1 (Medium) with vector AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H reflects the actual attack surface accurately: exploitation is bounded by local access and a low-privilege account, significantly constraining the threat to insider actors or post-compromise lateral movement scenarios. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A malicious insider or an attacker who has already established a low-privilege foothold on a Windows engineering workstation running AutomationDirect Productivity Suite opens a handle to the product's kernel driver and sends a crafted IOCTL request with a malformed buffer. The driver reads beyond the allocated buffer boundary, corrupting kernel memory and crashing the application or the system (BSOD), halting any active PLC sessions or engineering operations. …
Remediation The primary remediation is to obtain and apply the updated release of Productivity Suite from the AutomationDirect software downloads page at https://www.automationdirect.com/support/software-downloads; the specific fixed version must be verified there or via the CISA ICS advisory ICSA-26-197-04 at https://www.cisa.gov/news-events/ics-advisories/icsa-26-197-04, as no exact patched version number was confirmed in the available data. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-57896 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy