ByteOS Network

NVD Vulnerability Details :

CVE-2025-61934

Awaiting Analysis

Source-ics-cert@hq.dhs.gov

Published At-23 Oct, 2025 | 22:15

Updated At-27 Oct, 2025 | 13:20

A binding to an unrestricted IP address vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read, write, or delete arbitrary files and folders on the target machine

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	9.3	CRITICAL	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary	3.1	10.0	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Type: Secondary

Version: 4.0

Base score: 9.3

Base severity: CRITICAL

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 3.1

Base score: 10.0

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Weaknesses

CWE ID	Type	Source
CWE-1327	Primary	ics-cert@hq.dhs.gov

CWE ID: CWE-1327

Type: Primary

Source: ics-cert@hq.dhs.gov

References

Hyperlink	Source	Resource
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-296-01.json	ics-cert@hq.dhs.gov	N/A
https://support.automationdirect.com/docs/securityconsiderations.pdf	ics-cert@hq.dhs.gov	N/A
https://www.automationdirect.com/support/software-downloads	ics-cert@hq.dhs.gov	N/A
https://www.cisa.gov/news-events/ics-advisories/icsa-25-296-01	ics-cert@hq.dhs.gov	N/A