Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Local-only trigger with low privileges required; impact is solely a high-severity availability crash with no confidentiality or integrity consequence.
Primary rating from Vendor (icscert).
CVSS VectorVendor: icscert
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
A divide-by-zero vulnerability in the Productivity Suite allows a local attacker to cause a division by zero leading to a system crash.
AnalysisAI
Divide-by-zero in AutomationDirect Productivity Suite enables a local, low-privileged attacker to crash the application, resulting in a denial-of-service condition on engineering workstations used to program AutomationDirect PLCs. All versions are affected per CPE wildcard data, and the vulnerability was disclosed via CISA ICS advisory ICSA-26-197-04, indicating ICS-CERT involvement and an OT/industrial context. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The attacker must have local OS access with at least low-level user privileges (PR:L per CVSS 4.0 vector AV:L/PR:L) on a Windows workstation where AutomationDirect Productivity Suite is installed and running. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 score of 6.8 (Medium) accurately reflects the constrained impact of this vulnerability. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A low-privileged local user on an OT engineering workstation loads a crafted or malformed project file into AutomationDirect Productivity Suite, causing the application to execute a code path that divides by zero. The resulting unhandled arithmetic exception crashes the application, interrupting any in-progress PLC programming session and requiring a manual restart. … |
| Remediation | Consult CISA ICS advisory ICSA-26-197-04 (https://www.cisa.gov/news-events/ics-advisories/icsa-26-197-04) and the AutomationDirect software downloads page (https://www.automationdirect.com/support/software-downloads) to identify and apply the latest available version of Productivity Suite - a specific patched version number has not been independently confirmed from the provided data and must be verified directly against vendor release notes. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Productivity Suite
View allLocal privilege escalation in AutomationDirect Productivity Suite programming software stems from an out-of-bounds write
Local privilege escalation in AutomationDirect Productivity Suite lets an authenticated local attacker corrupt kernel me
Out-of-bounds read in AutomationDirect Productivity Suite enables a local low-privileged attacker to corrupt kernel memo
Out-of-bounds read in AutomationDirect Productivity Suite exposes kernel memory and enables denial-of-service on enginee
Out-of-bounds read in AutomationDirect Productivity Suite exposes kernel memory and system stability to a physically-pre
Same weakness CWE-369 – Divide By Zero
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-45038
GHSA-22g8-27fc-wwmw