AutomationDirect Productivity Suite Weak Password Recovery Mechanism for Forgotten Password

7.3 / 10

HIGH

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

A weak password recovery mechanism for forgotten password vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an attacker to decrypt an encrypted project by answering just one recovery question.

Basic Information

ID CVE-2025-61977

Source icscert

Published Oct 23, 2025 at 21:51

Affected Product

Vendor AutomationDirect

Product Productivity Suite

Affected Versions AutomationDirect Productivity Suite 0
AutomationDirect Productivity 3000 P3-622 CPU 0
AutomationDirect Productivity 3000 P3-550E CPU 0
AutomationDirect Productivity 3000 P3-530 CPU 0
AutomationDirect Productivity 2000 P2-622 CPU 0
AutomationDirect Productivity 2000 P2-550 CPU 0
AutomationDirect Productivity 1000 P1-550 CPU 0
AutomationDirect Productivity 1000 P1-540 CPU 0

CWE Classification

CWE-640

References

{
    "lastseen": "",
    "description": "A weak password recovery mechanism for forgotten password vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an attacker to decrypt an encrypted project by answering just one recovery question.",
    "published": "2025-10-23T21:51:56.523Z",
    "modified": "2025-10-23T21:51:56.523Z",
    "type": "cve",
    "title": "AutomationDirect Productivity Suite Weak Password Recovery Mechanism for Forgotten Password",
    "source": "icscert",
    "references": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-296-01\nhttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-296-01.json\nhttps://www.automationdirect.com/support/software-downloads\nhttps://support.automationdirect.com/docs/securityconsiderations.pdf",
    "id": "CVE-2025-61977",
    "bulletinFamily": "",
    "cwe": [
        "CWE-640"
    ],
    "cvelist": null,
    "sourceData": "AutomationDirect Productivity Suite 0\nAutomationDirect Productivity 3000 P3-622 CPU 0\nAutomationDirect Productivity 3000 P3-550E CPU 0\nAutomationDirect Productivity 3000 P3-530 CPU 0\nAutomationDirect Productivity 2000 P2-622 CPU 0\nAutomationDirect Productivity 2000 P2-550 CPU 0\nAutomationDirect Productivity 1000 P1-550 CPU 0\nAutomationDirect Productivity 1000 P1-540 CPU 0",
    "sourceHref": "",
    "cvss": {
        "score": 7.3,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Productivity Suite",
    "version": "0",
    "vendor": "AutomationDirect",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

AutomationDirect Productivity Suite Weak Password Recovery Mechanism for Forgotten Password_CVE-2025-61977