Productivity Suite
Monthly
Divide-by-zero in AutomationDirect Productivity Suite enables a local, low-privileged attacker to crash the application, resulting in a denial-of-service condition on engineering workstations used to program AutomationDirect PLCs. All versions are affected per CPE wildcard data, and the vulnerability was disclosed via CISA ICS advisory ICSA-26-197-04, indicating ICS-CERT involvement and an OT/industrial context. No public exploit or CISA KEV listing has been identified at time of analysis, and exploitation impact is limited strictly to availability - no data exfiltration or tampering is possible.
Out-of-bounds read in AutomationDirect Productivity Suite exposes kernel memory and system stability to a physically-present, low-privileged attacker via manipulated USB data length values. Exploitation can result in disclosure of sensitive kernel memory contents or a full system crash - both significant outcomes in an OT/ICS environment where availability and data integrity are critical. Reported by ICS-CERT under advisory ICSA-26-197-04, with no public exploit code or CISA KEV listing identified at time of analysis.
Out-of-bounds read in AutomationDirect Productivity Suite enables a local low-privileged attacker to corrupt kernel memory by submitting a crafted IOCTL request, resulting in high availability impact (system or application disruption) and limited kernel memory disclosure. The vulnerability affects all documented versions per the CPE wildcard and was reported by ICS-CERT, placing it squarely in the operational technology threat landscape where availability is mission-critical. No public exploit code and no CISA KEV listing exist at time of analysis, placing current exploitation risk as low but warranting prompt patching in industrial environments.
Out-of-bounds read in AutomationDirect Productivity Suite exposes kernel memory and enables denial-of-service on engineering workstations via a crafted IOCTL request sent by a local low-privileged attacker. Affecting all versions per CPE wildcard, the CWE-125 flaw causes the vulnerable kernel-mode driver to read memory outside intended buffer bounds, leaking sensitive kernel contents or triggering a kernel panic (BSOD). Reported by ICS-CERT under advisory ICSA-26-197-04, no public exploit code or active exploitation has been identified at time of analysis.
Local privilege escalation in AutomationDirect Productivity Suite programming software stems from an out-of-bounds write (CWE-787) reachable through a crafted IOCTL request to a privileged kernel-mode component, corrupting kernel memory. An authenticated local attacker on an engineering workstation running the software can leverage the corruption to escalate to SYSTEM/kernel privileges or crash the host. No public exploit identified at time of analysis; the flaw is documented in CISA ICS advisory ICSA-26-197-04 (reported by ICS-CERT) but is not listed in CISA KEV, and no EPSS score was supplied.
Local privilege escalation in AutomationDirect Productivity Suite lets an authenticated local attacker corrupt kernel memory by issuing a crafted IOCTL request to an out-of-bounds write flaw (CWE-787). Successful exploitation can elevate privileges to SYSTEM/kernel level or crash the host running this engineering workstation software for AutomationDirect Productivity-series PLCs. Reported through CISA ICS-CERT (ICSA-26-197-04); no public exploit identified at time of analysis and no KEV/EPSS signal is present.
Divide-by-zero in AutomationDirect Productivity Suite enables a local, low-privileged attacker to crash the application, resulting in a denial-of-service condition on engineering workstations used to program AutomationDirect PLCs. All versions are affected per CPE wildcard data, and the vulnerability was disclosed via CISA ICS advisory ICSA-26-197-04, indicating ICS-CERT involvement and an OT/industrial context. No public exploit or CISA KEV listing has been identified at time of analysis, and exploitation impact is limited strictly to availability - no data exfiltration or tampering is possible.
Out-of-bounds read in AutomationDirect Productivity Suite exposes kernel memory and system stability to a physically-present, low-privileged attacker via manipulated USB data length values. Exploitation can result in disclosure of sensitive kernel memory contents or a full system crash - both significant outcomes in an OT/ICS environment where availability and data integrity are critical. Reported by ICS-CERT under advisory ICSA-26-197-04, with no public exploit code or CISA KEV listing identified at time of analysis.
Out-of-bounds read in AutomationDirect Productivity Suite enables a local low-privileged attacker to corrupt kernel memory by submitting a crafted IOCTL request, resulting in high availability impact (system or application disruption) and limited kernel memory disclosure. The vulnerability affects all documented versions per the CPE wildcard and was reported by ICS-CERT, placing it squarely in the operational technology threat landscape where availability is mission-critical. No public exploit code and no CISA KEV listing exist at time of analysis, placing current exploitation risk as low but warranting prompt patching in industrial environments.
Out-of-bounds read in AutomationDirect Productivity Suite exposes kernel memory and enables denial-of-service on engineering workstations via a crafted IOCTL request sent by a local low-privileged attacker. Affecting all versions per CPE wildcard, the CWE-125 flaw causes the vulnerable kernel-mode driver to read memory outside intended buffer bounds, leaking sensitive kernel contents or triggering a kernel panic (BSOD). Reported by ICS-CERT under advisory ICSA-26-197-04, no public exploit code or active exploitation has been identified at time of analysis.
Local privilege escalation in AutomationDirect Productivity Suite programming software stems from an out-of-bounds write (CWE-787) reachable through a crafted IOCTL request to a privileged kernel-mode component, corrupting kernel memory. An authenticated local attacker on an engineering workstation running the software can leverage the corruption to escalate to SYSTEM/kernel privileges or crash the host. No public exploit identified at time of analysis; the flaw is documented in CISA ICS advisory ICSA-26-197-04 (reported by ICS-CERT) but is not listed in CISA KEV, and no EPSS score was supplied.
Local privilege escalation in AutomationDirect Productivity Suite lets an authenticated local attacker corrupt kernel memory by issuing a crafted IOCTL request to an out-of-bounds write flaw (CWE-787). Successful exploitation can elevate privileges to SYSTEM/kernel level or crash the host running this engineering workstation software for AutomationDirect Productivity-series PLCs. Reported through CISA ICS-CERT (ICSA-26-197-04); no public exploit identified at time of analysis and no KEV/EPSS signal is present.