attacker to control the length of data sent to a USB device. This can
lead to a system crash or disclosure of kernel memory.
No analysis available yet.
Vendor Solution
AutomationDirect recommends that users update Productivity suite to v4.7.0.47 and above https://www.automationdirect.com/support/software-downloads
Vendor Workaround
If the update cannot be applied right away, the following compensating controls are recommended until the upgrade can be performed. * Disconnect the engineering workstation from external networks (e.g., the internet or corporate LAN) to reduce exposure. * Use only trusted, dedicated internal networks or air-gapped systems for device communication. * Restrict both physical and logical access to authorized personnel only. * Configure whitelisting so that only trusted, pre-approved applications are allowed to run. Block any unauthorized software. * Use antivirus or EDR tools and configure host-based firewalls to block unauthorized access attempts. * Enable and regularly review system logs to detect suspicious or unauthorized activity. * Maintain secure, tested backups of the PLC and its configurations to minimize downtime in case of an incident. * Continuously evaluate risks associated with running outdated firmware and adjust compensating measures accordingly.
Tracking
Sign in to view the affected projects.
No advisories yet.
Thu, 16 Jul 2026 21:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Automationdirect
Automationdirect productivity Suite |
|
| Vendors & Products |
Automationdirect
Automationdirect productivity Suite |
Thu, 16 Jul 2026 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An out-of-bounds read in the Productivity Suite allows a physical attacker to control the length of data sent to a USB device. This can lead to a system crash or disclosure of kernel memory. | |
| Title | AutomationDirect Productivity Suite Out-of-bounds Read | |
| Weaknesses | CWE-125 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: icscert
Published:
Updated: 2026-07-16T20:22:36.036Z
Reserved: 2026-07-09T15:00:24.541Z
Link: CVE-2026-60073
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-16T21:30:06Z
-
CWE-125
Out-of-bounds Read