CVE-2025-58456 is a relative path traversal vulnerability classified under CWE-23 found in AutomationDirect's Productivity Suite software version 4.4.1.19. This vulnerability allows an unauthenticated remote attacker to exploit the ProductivityService PLC simulator component to read arbitrary files on the target machine. The flaw arises from insufficient validation of file path inputs, enabling traversal outside the intended directory scope. The attacker can craft specially formed requests to access sensitive system files, potentially exposing configuration files, credentials, or other critical data. The vulnerability is remotely exploitable over the network without requiring authentication or user interaction, increasing its risk profile. The CVSS 4.0 vector (AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N) indicates high confidentiality impact with low attack complexity and no privileges needed. Although no public exploits have been reported yet, the vulnerability's characteristics make it a prime target for attackers seeking to gather intelligence or prepare for further attacks on industrial control systems. The affected product is widely used in industrial automation environments, where PLC simulators play a critical role in testing and development. The lack of available patches at the time of disclosure necessitates immediate risk mitigation through network segmentation and access controls.

For European organizations, especially those in manufacturing, energy, and critical infrastructure sectors relying on AutomationDirect's Productivity Suite, this vulnerability poses a significant risk of unauthorized data disclosure. Attackers could leverage the path traversal flaw to access sensitive files containing operational parameters, credentials, or proprietary information, potentially leading to intellectual property theft or preparation for more damaging attacks. The exposure of configuration files could also facilitate further compromise or disruption of industrial control processes. Given the high confidentiality impact and ease of exploitation without authentication, the threat could affect operational continuity and regulatory compliance, particularly under GDPR and NIS Directive frameworks. Organizations operating in sectors with stringent cybersecurity requirements may face legal and reputational consequences if exploited. The vulnerability's presence in PLC simulation software also raises concerns about the integrity of testing environments, which could indirectly affect production systems if compromised.

Immediate mitigation should focus on restricting network access to the ProductivityService PLC simulator, ideally isolating it within a secure network segment inaccessible from untrusted networks. Implement strict firewall rules and network segmentation to limit exposure. Monitor network traffic for unusual requests targeting the ProductivityService interface. Employ intrusion detection systems configured to detect path traversal patterns. Since no patches are currently available, organizations should consider disabling or uninstalling the vulnerable ProductivityService component if feasible until a vendor fix is released. Review and harden file system permissions on systems running the Productivity Suite to minimize the impact of unauthorized file access. Additionally, conduct thorough audits of exposed systems for signs of compromise and ensure backups of critical data are maintained. Once the vendor releases patches, prioritize their deployment following testing in controlled environments. Finally, raise awareness among operational technology (OT) and IT security teams about this vulnerability to ensure coordinated response efforts.