Filtered by vendor Automationdirect
Subscriptions
Total
62 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-61389 | 1 Automationdirect | 1 Productivity Suite | 2026-07-17 | 7 High |
| An out-of-bounds write vulnerability in the Productivity Suite allows a local attacker to trigger kernel memory corruption via a crafted IOCTL request, potentially resulting in privilege escalation or system instability. | ||||
| CVE-2026-60140 | 1 Automationdirect | 1 Productivity Suite | 2026-07-17 | 6.1 Medium |
| An out-of-bounds read vulnerability in the Productivity Suite allows a local attacker to trigger kernel memory corruption by sending a crafted IOCTL request. This can lead to exposing sensitive information or causing the affected product to become unstable or unavailable. | ||||
| CVE-2026-60063 | 1 Automationdirect | 1 Productivity Suite | 2026-07-17 | 7 High |
| An out-of-bounds write vulnerability in the Productivity Suite allows a local attacker to trigger kernel memory corruption via a crafted IOCTL request, potentially resulting in privilege escalation or system instability. | ||||
| CVE-2026-61378 | 1 Automationdirect | 1 Productivity Suite | 2026-07-17 | 5.5 Medium |
| A divide-by-zero vulnerability in the Productivity Suite allows a local attacker to cause a division by zero leading to a system crash. | ||||
| CVE-2026-57896 | 1 Automationdirect | 1 Productivity Suite | 2026-07-17 | 6.1 Medium |
| An out-of-bounds read vulnerability in the Productivity Suite allows a local attacker to trigger kernel memory corruption by sending a crafted IOCTL request. This could lead to limited information disclosure or disruption of the affected product. | ||||
| CVE-2026-60073 | 1 Automationdirect | 1 Productivity Suite | 2026-07-17 | 5.9 Medium |
| An out-of-bounds read in the Productivity Suite allows a physical attacker to control the length of data sent to a USB device. This can lead to a system crash or disclosure of kernel memory. | ||||
| CVE-2024-43099 | 1 Automationdirect | 1 H2-dm1e Firmware | 2026-04-15 | 8.8 High |
| The session hijacking attack targets the application layer's control mechanism, which manages authenticated sessions between a host PC and a PLC. During such sessions, a session key is utilized to maintain security. However, if an attacker captures this session key, they can inject traffic into an ongoing authenticated session. To successfully achieve this, the attacker also needs to spoof both the IP address and MAC address of the originating host which is typical of a session-based attack. | ||||
| CVE-2025-58429 | 1 Automationdirect | 8 P1-540, P1-550, P2-550 and 5 more | 2026-04-15 | 7.5 High |
| A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary files on the target machine. | ||||
| CVE-2025-59776 | 1 Automationdirect | 8 P1-540, P1-550, P2-550 and 5 more | 2026-04-15 | 4 Medium |
| A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and create arbitrary directories on the target machine. | ||||
| CVE-2025-55069 | 1 Automationdirect | 1 Click Plus | 2026-04-15 | 8.3 High |
| A predictable seed in pseudo-random number generator vulnerability has been discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software implements a predictable seed for its pseudo-random number generator, which compromises the security of the generated private keys. | ||||
| CVE-2025-67652 | 1 Automationdirect | 1 Click Plc | 2026-04-15 | 6.1 Medium |
| An attacker with access to the project file could use the exposed credentials to impersonate users, escalate privileges, or gain unauthorized access to systems and services. The absence of robust encryption or secure handling mechanisms increases the likelihood of this type of exploitation, leaving sensitive information more vulnerable. | ||||
| CVE-2025-25051 | 1 Automationdirect | 1 Click Plc | 2026-04-15 | 6.1 Medium |
| An attacker could decrypt sensitive data, impersonate legitimate users or devices, and potentially gain access to network resources for lateral attacks. | ||||
| CVE-2025-62688 | 1 Automationdirect | 8 P1-540, P1-550, P2-550 and 5 more | 2026-04-15 | 7.1 High |
| An incorrect permission assignment for a critical resource vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an attacker with low-privileged credentials to change their role, gaining full control access to the project. | ||||
| CVE-2025-57882 | 1 Automationdirect | 1 Click Plus | 2026-04-15 | 5.9 Medium |
| An improper resource shutdown or release vulnerability has been identified in the Click Plus C2-03CPU-2 device running firmware version 3.60. The vulnerability allows an unauthenticated attacker to perform a denial-of-service attack by exhausting all available device sessions in the Remote PLC application. | ||||
| CVE-2025-61934 | 1 Automationdirect | 8 P1-540, P1-550, P2-550 and 5 more | 2026-04-15 | 10 Critical |
| A binding to an unrestricted IP address vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read, write, or delete arbitrary files and folders on the target machine | ||||
| CVE-2024-45368 | 1 Automationdirect | 1 H2-dm1e Firmware | 2026-04-15 | 8.8 High |
| The H2-DM1E PLC's authentication protocol appears to utilize either a custom encoding scheme or a challenge-response protocol. However, there's an observed anomaly in the H2-DM1E PLC's protocol execution, namely its acceptance of multiple distinct packets as valid authentication responses. This behavior deviates from standard security practices where a single, specific response or encoding pattern is expected for successful authentication. | ||||
| CVE-2025-58078 | 1 Automationdirect | 8 P1-540, P1-550, P2-550 and 5 more | 2026-04-15 | 7.5 High |
| A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and write files with arbitrary data on the target machine. | ||||
| CVE-2025-58456 | 1 Automationdirect | 8 P1-540, P1-550, P2-550 and 5 more | 2026-04-15 | 6.8 Medium |
| A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read arbitrary files on the target machine. | ||||
| CVE-2025-60023 | 1 Automationdirect | 8 P1-540, P1-550, P2-550 and 5 more | 2026-04-15 | 4 Medium |
| A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary directories on the target machine. | ||||
| CVE-2025-61977 | 1 Automationdirect | 8 P1-540, P1-550, P2-550 and 5 more | 2026-04-15 | 7 High |
| A weak password recovery mechanism for forgotten password vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an attacker to decrypt an encrypted project by answering just one recovery question. | ||||