CVE-2025-60023: CWE-23 in AutomationDirect Productivity Suite
A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary directories on the target machine.
AI Analysis
Technical Summary
CVE-2025-60023 identifies a relative path traversal vulnerability (CWE-23) in AutomationDirect's Productivity Suite software version 4.4.1.19. This vulnerability allows unauthenticated remote attackers to exploit the ProductivityService PLC simulator component to delete arbitrary directories on the host machine. The root cause is insufficient validation of file path inputs, enabling attackers to traverse directories and perform unauthorized file system operations. The vulnerability is remotely exploitable over the network without requiring authentication or user interaction, increasing its risk profile. The CVSS 4.0 base score is 6.3 (medium), reflecting network attack vector, low attack complexity, no privileges required, no user interaction, and limited impact on integrity and availability. Although no public exploits are currently known, the ability to delete arbitrary directories could disrupt industrial control system operations, cause data loss, or lead to denial of service conditions. The affected product is widely used in industrial automation for programming and simulating PLCs, making this vulnerability particularly relevant to critical infrastructure environments. The lack of available patches at the time of disclosure necessitates immediate mitigation through network segmentation and monitoring. This vulnerability highlights the importance of secure coding practices in industrial control software, especially regarding input validation and access controls.
Potential Impact
For European organizations, especially those in manufacturing, energy, and critical infrastructure sectors relying on AutomationDirect's Productivity Suite, this vulnerability poses a significant operational risk. Successful exploitation could lead to deletion of critical directories, resulting in loss of configuration files, simulation data, or other essential resources, causing downtime or degraded control system performance. This may disrupt production lines, energy distribution, or other automated processes, potentially leading to financial losses and safety hazards. The unauthenticated nature of the exploit increases the threat from external attackers or insider threats with network access. Additionally, the vulnerability could be leveraged as a foothold for further attacks within industrial networks. Given Europe's strong industrial base and reliance on automation technologies, the impact could extend to supply chain disruptions and critical service interruptions. Organizations may also face regulatory and compliance challenges if operational disruptions affect safety or data integrity. The medium severity rating suggests a moderate but non-negligible risk that requires timely mitigation to prevent escalation.
Mitigation Recommendations
1. Immediately restrict network access to the ProductivityService PLC simulator component by implementing firewall rules and network segmentation to limit exposure to trusted hosts only.
2. Monitor network traffic and system logs for unusual file system operations or directory deletions related to the ProductivityService.
3. Apply vendor patches or updates as soon as they become available to address the path traversal vulnerability directly.
4. Implement strict input validation and sanitization controls on file path inputs within the application environment, if possible through configuration or custom wrappers.
5. Conduct regular backups of critical configuration files and simulation data to enable recovery in case of data deletion.
6. Employ intrusion detection systems (IDS) tailored for industrial control systems to detect anomalous activities.
7. Train operational technology (OT) and IT security teams on this vulnerability and response procedures to ensure rapid incident handling.
8. Review and enforce least privilege principles on systems running Productivity Suite to minimize potential damage from exploitation.
9. Engage with AutomationDirect support and ICS cybersecurity communities for updates and shared intelligence.
10. Consider deploying application-layer firewalls or proxies that can inspect and block malicious path traversal attempts targeting the ProductivityService.
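One way to implement the file-path containment that recommendation 4 asks for, shown here as an added example and not as AutomationDirect's or the ProductivityService's own code: every client-supplied directory name is resolved against the simulator's workspace and refused if it would land outside it. The function names, the workspace layout and the assumption that the service runs on Windows (so both separator styles are checked) are the author's, not the page's.

```python
from pathlib import Path, PurePosixPath, PureWindowsPath
from typing import Optional
import shutil
import tempfile

def looks_absolute(requested: str) -> bool:
    # Drive letter, UNC prefix or leading separator in either syntax: refuse.
    return any(cls(requested).drive or cls(requested).root for cls in (PurePosixPath, PureWindowsPath))

def resolve_within(base_dir: str, requested: str) -> Optional[Path]:
    """Absolute target for `requested` if it stays inside base_dir, else None."""
    if not requested or "\x00" in requested or looks_absolute(requested):
        return None
    base = Path(base_dir).resolve()
    # Resolve '.', '..' and symlinks BEFORE the containment test, treating
    # backslashes as separators so Windows-style traversal is normalised too.
    candidate = (base / requested.replace("\\", "/")).resolve()
    if candidate == base:          # the workspace root itself is never a target
        return None
    try:
        candidate.relative_to(base)
    except ValueError:             # resolved outside the workspace
        return None
    return candidate

def safe_remove_dir(base_dir: str, requested: str) -> bool:
    """Delete only when containment passes; refused requests are the events to log."""
    target = resolve_within(base_dir, requested)
    if target is None or not target.is_dir():
        return False
    shutil.rmtree(target)
    return True

def demo() -> dict:
    """Constructed workspace: one project folder inside, one folder beside it."""
    root = Path(tempfile.mkdtemp())
    (root / "ws" / "proj" / "sim_old").mkdir(parents=True)
    (root / "outside").mkdir()
    ws = str(root / "ws")
    results = {
        "inside": safe_remove_dir(ws, "proj/sim_old"),        # True: deleted
        "dotdot": safe_remove_dir(ws, "proj/../../outside"),  # False: refused
        "backslash": safe_remove_dir(ws, "..\\outside"),      # False: refused
        "outside_exists": (root / "outside").is_dir(),        # True: untouched
    }
    shutil.rmtree(root)
    return results
```

The refusals returned by `safe_remove_dir` are exactly the events recommendation 2 asks operators to watch for, so a production wrapper would log them with the raw request string.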
Affected Countries
Germany, France, Italy, United Kingdom, Netherlands, Belgium, Poland, Spain, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: icscert
- Date Reserved: 2025-10-21T21:55:11.899Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68faafd950358b89bd7bfd5d
Added to database: 10/23/2025, 10:44:41 PM
Last enriched: 10/23/2025, 10:51:51 PM
Last updated: 10/24/2025, 3:07:59 AM