CVE-2025-58429 is a relative path traversal vulnerability identified in AutomationDirect's Productivity Suite software, specifically version 4.4.1.19. The vulnerability stems from improper validation of file paths in the ProductivityService PLC simulator component, allowing an unauthenticated remote attacker to craft requests that traverse directories and delete arbitrary files on the host system. This attack vector exploits CWE-23, which involves relative path traversal leading to unauthorized file system access. The vulnerability requires no authentication (PR:N) and no user interaction (UI:N), making it remotely exploitable over the network (AV:N). The attack complexity is low (AC:L), though it requires some attacker privileges in terms of access to the ProductivityService interface (AT:P). The impact on confidentiality is none (VC:N), but integrity is low (VI:L) and availability is high (VA:H), as file deletion can disrupt system operations. The scope is limited to the vulnerable Productivity Suite installation but can have significant operational impact in industrial control environments. No patches are currently linked, and no known exploits are reported in the wild, but the vulnerability is publicly disclosed and rated with a CVSS 4.0 score of 8.3 (high severity).

For European organizations, especially those in manufacturing, energy, and critical infrastructure sectors relying on AutomationDirect's Productivity Suite for PLC simulation and control, this vulnerability poses a significant risk. Successful exploitation can lead to deletion of critical files, potentially causing system downtime, loss of operational data, and disruption of industrial processes. This can affect production lines, safety systems, and operational continuity, leading to financial losses and safety hazards. The unauthenticated nature of the exploit increases the risk of external attackers or insider threats causing damage without needing credentials. Given the integration of such software in industrial control systems (ICS), the impact extends beyond IT to operational technology (OT) environments, where recovery and patching are often more complex and slower. The lack of known exploits currently provides a window for proactive mitigation, but the high severity score indicates urgent attention is needed.

1. Immediately restrict network access to the ProductivityService PLC simulator interface using firewalls and network segmentation to limit exposure to trusted hosts only. 2. Monitor network traffic for unusual requests targeting the ProductivityService, especially those attempting directory traversal patterns. 3. Implement strict access controls and isolate the Productivity Suite environment from general corporate networks and the internet. 4. Regularly back up critical files and system configurations to enable recovery in case of file deletion. 5. Engage with AutomationDirect for official patches or updates addressing this vulnerability and apply them promptly once available. 6. Conduct security audits and penetration testing focused on path traversal and file system access controls within the Productivity Suite environment. 7. Educate operational technology staff about this vulnerability and ensure incident response plans include scenarios involving file deletion attacks. 8. Consider deploying host-based intrusion detection systems (HIDS) to detect unauthorized file system changes on machines running the Productivity Suite.