Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Local IOCTL access requires a low-privilege account (AV:L, PR:L); read-only overrun causes disruption (A:H) but no write primitive means no integrity impact (I:N).
Primary rating from Vendor (icscert).
CVSS VectorVendor: icscert
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
An out-of-bounds read vulnerability in the Productivity Suite allows a local attacker to trigger kernel memory corruption by sending a crafted IOCTL request. This could lead to limited information disclosure or disruption of the affected product.
AnalysisAI
Out-of-bounds read in AutomationDirect Productivity Suite enables a local low-privileged attacker to corrupt kernel memory by submitting a crafted IOCTL request, resulting in high availability impact (system or application disruption) and limited kernel memory disclosure. The vulnerability affects all documented versions per the CPE wildcard and was reported by ICS-CERT, placing it squarely in the operational technology threat landscape where availability is mission-critical. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires a valid local user account on the Windows workstation running AutomationDirect Productivity Suite - the CVSS PR:L vector confirms low-privilege OS credentials are sufficient, with no administrative rights needed. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 score of 6.1 (Medium) with vector AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H reflects the actual attack surface accurately: exploitation is bounded by local access and a low-privilege account, significantly constraining the threat to insider actors or post-compromise lateral movement scenarios. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A malicious insider or an attacker who has already established a low-privilege foothold on a Windows engineering workstation running AutomationDirect Productivity Suite opens a handle to the product's kernel driver and sends a crafted IOCTL request with a malformed buffer. The driver reads beyond the allocated buffer boundary, corrupting kernel memory and crashing the application or the system (BSOD), halting any active PLC sessions or engineering operations. … |
| Remediation | The primary remediation is to obtain and apply the updated release of Productivity Suite from the AutomationDirect software downloads page at https://www.automationdirect.com/support/software-downloads; the specific fixed version must be verified there or via the CISA ICS advisory ICSA-26-197-04 at https://www.cisa.gov/news-events/ics-advisories/icsa-26-197-04, as no exact patched version number was confirmed in the available data. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Productivity Suite
View allLocal privilege escalation in AutomationDirect Productivity Suite programming software stems from an out-of-bounds write
Local privilege escalation in AutomationDirect Productivity Suite lets an authenticated local attacker corrupt kernel me
Out-of-bounds read in AutomationDirect Productivity Suite exposes kernel memory and enables denial-of-service on enginee
Divide-by-zero in AutomationDirect Productivity Suite enables a local, low-privileged attacker to crash the application,
Out-of-bounds read in AutomationDirect Productivity Suite exposes kernel memory and system stability to a physically-pre
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-45035
GHSA-g349-wjvj-vxpr