Relative Path Traversal Vulnerability in AutomationDirect Productivity Suite
A critical relative path traversal vulnerability, identified as CVE-2025-62498, was discovered in AutomationDirect Productivity Suite software, specifically affecting versions up to 4.4.1.19. This vulnerability, also known as ZipSlip, allows an attacker who can tamper with a productivity project file to execute arbitrary code on the machine where the project is opened. The flaw is remotely exploitable and has been assigned a CVSS v3.1 base score of 8.8 and a CVSS v4 score of 9.3, indicating high severity. The vulnerability impacts multiple Productivity PLC models, including Productivity 3000, 2000, and 1000 series CPUs running affected software versions.
Successful exploitation could enable attackers to gain full control over the affected system, potentially leading to information disclosure, unauthorized file access, or further compromise of industrial control environments. The vulnerability was reported to ICS-CERT, and advisories have been published to inform users and administrators of the risk and to recommend mitigation steps. No affected product table was provided in the CVE feed, but CISA's advisory lists specific impacted models and software versions, emphasizing the need for immediate attention from organizations using these products in critical infrastructure environments.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
CVE-2025-62498 is publicly listed as a path traversal vulnerability
CVE-2025-62498 was publicly cataloged as a relative path traversal vulnerability in AutomationDirect Productivity Suite. The CVE listing appeared on 2025-10-23, aligning with the same disclosure period as the CISA advisory.
CISA publishes advisory for AutomationDirect Productivity Suite flaw
CISA released ICS advisory ICSA-25-296-01 covering a security issue affecting AutomationDirect Productivity Suite. The advisory was published on 2025-10-23 and marks the public disclosure of the vulnerability.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Path Traversal Vulnerability in Rockwell Automation AADvance-Trusted SIS Workstation
A critical path traversal vulnerability (CVE-2024-48510) has been identified in Rockwell Automation's AADvance-Trusted SIS Workstation, specifically affecting versions 2.00.00 to 2.00.04. The flaw, rooted in the DotNetZip library (v1.16.0 and earlier), could allow a remote attacker to execute arbitrary code if a victim opens a malicious file, potentially compromising safety instrumented system (SIS) applications used in critical manufacturing sectors. The vulnerability is rated high severity, with a CVSS v4 score of 8.6, and exploitation requires user interaction but is considered low complexity and remotely exploitable. Rockwell Automation discovered the issue during internal testing and reported it to CISA, emphasizing their commitment to transparency and product security. The company has released a security advisory confirming the vulnerability, noting that it has been corrected and that no known exploitation has occurred in the wild. Organizations using affected SIS Workstation versions are urged to apply available mitigations to prevent potential remote code execution attacks targeting critical infrastructure environments worldwide.
Mar 21, 2026
Multiple Critical Vulnerabilities in Advantech WebAccess/SCADA
Advantech WebAccess/SCADA has been found to contain several critical vulnerabilities, including an unrestricted file upload flaw (CVE-2025-14849) and a directory traversal vulnerability (CVE-2025-14850). The unrestricted file upload issue could allow a remote attacker to execute arbitrary code on affected systems, while the directory traversal flaw may enable attackers to delete arbitrary files. Both vulnerabilities are remotely exploitable and have been assigned high CVSS scores, indicating significant risk to organizations using this software in critical infrastructure sectors. CISA has issued an advisory confirming that these vulnerabilities affect Advantech WebAccess/SCADA version 9.2.1, and recommends updating to version 9.2.2 to mitigate the risks. The vulnerabilities impact organizations in sectors such as critical manufacturing, energy, and water and wastewater, with deployments worldwide. Exploitation of these flaws could allow authenticated attackers to read or modify remote databases, potentially leading to severe operational disruptions.
Mar 21, 2026
Authentication Bypass Vulnerability in Siemens SIMATIC CP and SIPLUS ET 200SP Devices
A critical authentication bypass vulnerability, tracked as CVE-2025-40771 with a CVSS score of 9.8, has been discovered in Siemens SIMATIC CP and SIPLUS ET 200SP industrial communication modules. The flaw affects multiple device models, including SIMATIC CP 1542SP-1, CP 1542SP-1 IRC, CP 1543SP-1, as well as SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL, CP 1543SP-1 ISEC, and CP 1543SP-1 ISEC TX RAIL, specifically all versions prior to V2.4.24. The vulnerability arises from improper authentication of configuration connections, which allows unauthenticated remote attackers to gain access to sensitive configuration data on affected devices. This issue is particularly severe because it does not require any prior authentication, enabling attackers to exploit the flaw remotely without credentials. The vulnerability could be leveraged to compromise the integrity and confidentiality of industrial control systems that rely on these modules for network communication. Siemens has acknowledged the vulnerability and has released advisories to inform customers of the affected product versions. The flaw was reported by Siemens ProductCERT, and the company has urged users to update to the latest firmware version (V2.4.24 or later) to mitigate the risk. Exploitation of this vulnerability could allow attackers to alter device configurations, potentially disrupting industrial processes or enabling further attacks within operational technology environments. The vulnerability is considered critical due to the widespread use of these modules in industrial automation and the potential impact on critical infrastructure. Security researchers have highlighted the risk of remote exploitation, emphasizing the need for immediate patching and network segmentation to protect vulnerable devices. Organizations are advised to review their asset inventories to identify affected devices and prioritize remediation efforts. In addition to patching, Siemens recommends implementing network security best practices, such as restricting access to configuration interfaces and monitoring for unauthorized connection attempts. The disclosure of CVE-2025-40771 underscores the ongoing challenges in securing industrial control systems against remote attacks. The vulnerability was publicly disclosed in mid-October 2025, and security advisories have been disseminated to raise awareness among industrial operators. The incident highlights the importance of timely vulnerability management and the need for robust authentication mechanisms in critical infrastructure devices. Failure to address this vulnerability could result in significant operational disruptions and potential safety risks in industrial environments. The security community continues to monitor for signs of exploitation in the wild, and organizations are encouraged to stay informed about further updates from Siemens and relevant CERTs.
Mar 21, 2026