Skip to main content

Productivity Suite EUVDEUVD-2026-45026

| CVE-2026-60140 MEDIUM
Out-of-bounds Read (CWE-125)
2026-07-16 icscert GHSA-qf95-x9cw-x58g
6.9
CVSS 4.0 · Vendor: icscert
Share

Severity by source

Vendor (icscert) PRIMARY
6.9 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.3 HIGH

Local IOCTL crosses from user space into kernel domain (S:C, PR:L); out-of-bounds read yields partial memory disclosure (C:L) and potential kernel crash (A:H); no integrity impact.

3.1 AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (icscert).

CVSS VectorVendor: icscert

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Jul 16, 2026 - 20:36 vuln.today
CVSS changed
Jul 16, 2026 - 20:22 NVD
6.1 (MEDIUM) 6.9 (MEDIUM)

DescriptionCVE.org

An out-of-bounds read vulnerability in the Productivity Suite allows a local attacker to trigger kernel memory corruption by sending a crafted IOCTL request. This can lead to exposing sensitive information or causing the affected product to become unstable or unavailable.

AnalysisAI

Out-of-bounds read in AutomationDirect Productivity Suite exposes kernel memory and enables denial-of-service on engineering workstations via a crafted IOCTL request sent by a local low-privileged attacker. Affecting all versions per CPE wildcard, the CWE-125 flaw causes the vulnerable kernel-mode driver to read memory outside intended buffer bounds, leaking sensitive kernel contents or triggering a kernel panic (BSOD). …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain local user session on engineering workstation
Delivery
Enumerate installed Productivity Suite kernel driver device
Exploit
Craft IOCTL request with malicious out-of-bounds read parameter
Execution
Submit request to vulnerable driver
Persist
Trigger out-of-bounds kernel memory read
Impact
Extract leaked memory data or induce kernel panic (BSOD)

Vulnerability AssessmentAI

Exploitation Exploitation requires physical or remote desktop access to a Windows workstation with AutomationDirect Productivity Suite installed, plus a low-privilege (standard user) local account - consistent with CVSS 4.0 metrics AV:L and PR:L. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 score of 6.9 (Medium) accurately reflects the constrained attack surface: AV:L limits exploitation to local workstation access, PR:L requires at minimum a standard user account, and the impacts split between limited confidentiality (VC:L - partial kernel memory leakage) and high availability (VA:H - potential kernel crash). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with a standard local user account on a Windows engineering workstation running AutomationDirect Productivity Suite writes a small user-space program that opens a handle to the vulnerable kernel-mode driver device and issues a malformed IOCTL request with an out-of-bounds read offset. The kernel driver reads memory beyond the intended buffer, either leaking kernel pointer values or causing a fatal kernel exception (BSOD), crashing the workstation. …
Remediation The primary remediation is to upgrade AutomationDirect Productivity Suite to the patched version specified in CISA ICS advisory ICSA-26-197-04 (https://www.cisa.gov/news-events/ics-advisories/icsa-26-197-04); the exact fixed version number is not confirmed in available data and must be verified directly against that advisory and the vendor's software downloads portal (https://www.automationdirect.com/support/software-downloads). … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-45026 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy