Skip to main content

Productivity Suite

6 CVEs product

Monthly

CVE-2026-61378 MEDIUM CISA This Month

Divide-by-zero in AutomationDirect Productivity Suite enables a local, low-privileged attacker to crash the application, resulting in a denial-of-service condition on engineering workstations used to program AutomationDirect PLCs. All versions are affected per CPE wildcard data, and the vulnerability was disclosed via CISA ICS advisory ICSA-26-197-04, indicating ICS-CERT involvement and an OT/industrial context. No public exploit or CISA KEV listing has been identified at time of analysis, and exploitation impact is limited strictly to availability - no data exfiltration or tampering is possible.

Denial Of Service Productivity Suite
NVD GitHub
CVSS 4.0
6.8
CVE-2026-60073 MEDIUM CISA This Month

Out-of-bounds read in AutomationDirect Productivity Suite exposes kernel memory and system stability to a physically-present, low-privileged attacker via manipulated USB data length values. Exploitation can result in disclosure of sensitive kernel memory contents or a full system crash - both significant outcomes in an OT/ICS environment where availability and data integrity are critical. Reported by ICS-CERT under advisory ICSA-26-197-04, with no public exploit code or CISA KEV listing identified at time of analysis.

Information Disclosure Buffer Overflow Productivity Suite
NVD GitHub
CVSS 4.0
5.2
CVE-2026-57896 MEDIUM CISA This Month

Out-of-bounds read in AutomationDirect Productivity Suite enables a local low-privileged attacker to corrupt kernel memory by submitting a crafted IOCTL request, resulting in high availability impact (system or application disruption) and limited kernel memory disclosure. The vulnerability affects all documented versions per the CPE wildcard and was reported by ICS-CERT, placing it squarely in the operational technology threat landscape where availability is mission-critical. No public exploit code and no CISA KEV listing exist at time of analysis, placing current exploitation risk as low but warranting prompt patching in industrial environments.

Information Disclosure Buffer Overflow Productivity Suite
NVD GitHub
CVSS 4.0
6.9
CVE-2026-60140 MEDIUM CISA This Month

Out-of-bounds read in AutomationDirect Productivity Suite exposes kernel memory and enables denial-of-service on engineering workstations via a crafted IOCTL request sent by a local low-privileged attacker. Affecting all versions per CPE wildcard, the CWE-125 flaw causes the vulnerable kernel-mode driver to read memory outside intended buffer bounds, leaking sensitive kernel contents or triggering a kernel panic (BSOD). Reported by ICS-CERT under advisory ICSA-26-197-04, no public exploit code or active exploitation has been identified at time of analysis.

Information Disclosure Buffer Overflow Productivity Suite
NVD GitHub
CVSS 4.0
6.9
CVE-2026-61389 HIGH CISA This Week

Local privilege escalation in AutomationDirect Productivity Suite programming software stems from an out-of-bounds write (CWE-787) reachable through a crafted IOCTL request to a privileged kernel-mode component, corrupting kernel memory. An authenticated local attacker on an engineering workstation running the software can leverage the corruption to escalate to SYSTEM/kernel privileges or crash the host. No public exploit identified at time of analysis; the flaw is documented in CISA ICS advisory ICSA-26-197-04 (reported by ICS-CERT) but is not listed in CISA KEV, and no EPSS score was supplied.

Privilege Escalation Memory Corruption Buffer Overflow Productivity Suite
NVD GitHub
CVSS 4.0
7.3
CVE-2026-60063 HIGH CISA This Week

Local privilege escalation in AutomationDirect Productivity Suite lets an authenticated local attacker corrupt kernel memory by issuing a crafted IOCTL request to an out-of-bounds write flaw (CWE-787). Successful exploitation can elevate privileges to SYSTEM/kernel level or crash the host running this engineering workstation software for AutomationDirect Productivity-series PLCs. Reported through CISA ICS-CERT (ICSA-26-197-04); no public exploit identified at time of analysis and no KEV/EPSS signal is present.

Privilege Escalation Memory Corruption Buffer Overflow Productivity Suite
NVD GitHub
CVSS 4.0
7.3
CVSS 6.8
MEDIUM This Month

Divide-by-zero in AutomationDirect Productivity Suite enables a local, low-privileged attacker to crash the application, resulting in a denial-of-service condition on engineering workstations used to program AutomationDirect PLCs. All versions are affected per CPE wildcard data, and the vulnerability was disclosed via CISA ICS advisory ICSA-26-197-04, indicating ICS-CERT involvement and an OT/industrial context. No public exploit or CISA KEV listing has been identified at time of analysis, and exploitation impact is limited strictly to availability - no data exfiltration or tampering is possible.

Denial Of Service Productivity Suite
NVD GitHub
CVSS 5.2
MEDIUM This Month

Out-of-bounds read in AutomationDirect Productivity Suite exposes kernel memory and system stability to a physically-present, low-privileged attacker via manipulated USB data length values. Exploitation can result in disclosure of sensitive kernel memory contents or a full system crash - both significant outcomes in an OT/ICS environment where availability and data integrity are critical. Reported by ICS-CERT under advisory ICSA-26-197-04, with no public exploit code or CISA KEV listing identified at time of analysis.

Information Disclosure Buffer Overflow Productivity Suite
NVD GitHub
CVSS 6.9
MEDIUM This Month

Out-of-bounds read in AutomationDirect Productivity Suite enables a local low-privileged attacker to corrupt kernel memory by submitting a crafted IOCTL request, resulting in high availability impact (system or application disruption) and limited kernel memory disclosure. The vulnerability affects all documented versions per the CPE wildcard and was reported by ICS-CERT, placing it squarely in the operational technology threat landscape where availability is mission-critical. No public exploit code and no CISA KEV listing exist at time of analysis, placing current exploitation risk as low but warranting prompt patching in industrial environments.

Information Disclosure Buffer Overflow Productivity Suite
NVD GitHub
CVSS 6.9
MEDIUM This Month

Out-of-bounds read in AutomationDirect Productivity Suite exposes kernel memory and enables denial-of-service on engineering workstations via a crafted IOCTL request sent by a local low-privileged attacker. Affecting all versions per CPE wildcard, the CWE-125 flaw causes the vulnerable kernel-mode driver to read memory outside intended buffer bounds, leaking sensitive kernel contents or triggering a kernel panic (BSOD). Reported by ICS-CERT under advisory ICSA-26-197-04, no public exploit code or active exploitation has been identified at time of analysis.

Information Disclosure Buffer Overflow Productivity Suite
NVD GitHub
CVSS 7.3
HIGH This Week

Local privilege escalation in AutomationDirect Productivity Suite programming software stems from an out-of-bounds write (CWE-787) reachable through a crafted IOCTL request to a privileged kernel-mode component, corrupting kernel memory. An authenticated local attacker on an engineering workstation running the software can leverage the corruption to escalate to SYSTEM/kernel privileges or crash the host. No public exploit identified at time of analysis; the flaw is documented in CISA ICS advisory ICSA-26-197-04 (reported by ICS-CERT) but is not listed in CISA KEV, and no EPSS score was supplied.

Privilege Escalation Memory Corruption Buffer Overflow +1
NVD GitHub
CVSS 7.3
HIGH This Week

Local privilege escalation in AutomationDirect Productivity Suite lets an authenticated local attacker corrupt kernel memory by issuing a crafted IOCTL request to an out-of-bounds write flaw (CWE-787). Successful exploitation can elevate privileges to SYSTEM/kernel level or crash the host running this engineering workstation software for AutomationDirect Productivity-series PLCs. Reported through CISA ICS-CERT (ICSA-26-197-04); no public exploit identified at time of analysis and no KEV/EPSS signal is present.

Privilege Escalation Memory Corruption Buffer Overflow +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy