CVE-2025-61977 AutomationDirect Productivity Suite Weak Password Recovery Mechanism for Forgotten Password

🗓️ 23 Oct 2025 21:51:56Reported by icscertType

CVE-2025-61977 weak password recovery in Productivity Suite v4.4.1.19 enables decrypting a project with a single recovery question.

Reporter	Title	Published	Views	Family All 7
Circl	CVE-2025-61977	23 Oct 202510:00	–	circl
CNNVD	AutomationDirect Productivity Suite 授权问题漏洞	23 Oct 202500:00	–	cnnvd
CVE	CVE-2025-61977	23 Oct 202521:51	–	cve
EUVD	EUVD-2025-35742	24 Oct 202500:30	–	euvd
NVD	CVE-2025-61977	23 Oct 202522:15	–	nvd
RedhatCVE	CVE-2025-61977	24 Oct 202522:38	–	redhatcve
Vulnrichment	CVE-2025-61977 AutomationDirect Productivity Suite Weak Password Recovery Mechanism for Forgotten Password	23 Oct 202521:51	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "Productivity Suite",
    "vendor": "AutomationDirect",
    "versions": [
      {
        "lessThanOrEqual": "SW V4.2.1.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Productivity 3000 P3-622 CPU",
    "vendor": "AutomationDirect",
    "versions": [
      {
        "lessThanOrEqual": "SW V4.2.1.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Productivity 3000 P3-550E CPU",
    "vendor": "AutomationDirect",
    "versions": [
      {
        "lessThanOrEqual": "SW V4.2.1.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Productivity 3000 P3-530 CPU",
    "vendor": "AutomationDirect",
    "versions": [
      {
        "lessThanOrEqual": "SW v4.4.1.19",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Productivity 2000 P2-622 CPU",
    "vendor": "AutomationDirect",
    "versions": [
      {
        "lessThanOrEqual": "SW v4.4.1.19",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Productivity 2000 P2-550 CPU",
    "vendor": "AutomationDirect",
    "versions": [
      {
        "lessThanOrEqual": "SW v4.4.1.19",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Productivity 1000 P1-550 CPU",
    "vendor": "AutomationDirect",
    "versions": [
      {
        "lessThanOrEqual": "SW v4.4.1.19",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Productivity 1000 P1-540 CPU",
    "vendor": "AutomationDirect",
    "versions": [
      {
        "lessThan": "SW v4.4.1.19",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
github	www.github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-296-01.json
automationdirect	www.automationdirect.com/support/software-downloads
support	www.support.automationdirect.com/docs/securityconsiderations.pdf
cisa	www.cisa.gov/news-events/ics-advisories/icsa-25-296-01

23 Oct 2025 21:51Current

CVSS 3.17

CVSS 47.3

EPSS0.0013

CWE-640