Skip to main content

Productivity Suite EUVDEUVD-2026-45038

| CVE-2026-61378 MEDIUM
Divide By Zero (CWE-369)
2026-07-16 icscert GHSA-22g8-27fc-wwmw
6.8
CVSS 4.0 · Vendor: icscert
Share

Severity by source

Vendor (icscert) PRIMARY
6.8 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.5 MEDIUM

Local-only trigger with low privileges required; impact is solely a high-severity availability crash with no confidentiality or integrity consequence.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (icscert).

CVSS VectorVendor: icscert

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Jul 16, 2026 - 21:31 vuln.today
CVSS changed
Jul 16, 2026 - 21:22 NVD
5.5 (MEDIUM) 6.8 (MEDIUM)

DescriptionCVE.org

A divide-by-zero vulnerability in the Productivity Suite allows a local attacker to cause a division by zero leading to a system crash.

AnalysisAI

Divide-by-zero in AutomationDirect Productivity Suite enables a local, low-privileged attacker to crash the application, resulting in a denial-of-service condition on engineering workstations used to program AutomationDirect PLCs. All versions are affected per CPE wildcard data, and the vulnerability was disclosed via CISA ICS advisory ICSA-26-197-04, indicating ICS-CERT involvement and an OT/industrial context. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain local OS session (low privilege)
Delivery
Launch or interact with Productivity Suite
Exploit
Supply input triggering divide-by-zero
Execution
Application crashes
Impact
Engineering workstation software unavailable

Vulnerability AssessmentAI

Exploitation The attacker must have local OS access with at least low-level user privileges (PR:L per CVSS 4.0 vector AV:L/PR:L) on a Windows workstation where AutomationDirect Productivity Suite is installed and running. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 score of 6.8 (Medium) accurately reflects the constrained impact of this vulnerability. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A low-privileged local user on an OT engineering workstation loads a crafted or malformed project file into AutomationDirect Productivity Suite, causing the application to execute a code path that divides by zero. The resulting unhandled arithmetic exception crashes the application, interrupting any in-progress PLC programming session and requiring a manual restart. …
Remediation Consult CISA ICS advisory ICSA-26-197-04 (https://www.cisa.gov/news-events/ics-advisories/icsa-26-197-04) and the AutomationDirect software downloads page (https://www.automationdirect.com/support/software-downloads) to identify and apply the latest available version of Productivity Suite - a specific patched version number has not been independently confirmed from the provided data and must be verified directly against vendor release notes. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-45038 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy