CVE-2025-61977: CWE-640 in AutomationDirect Productivity Suite
A weak password recovery mechanism for forgotten password vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an attacker to decrypt an encrypted project by answering just one recovery question.
AI Analysis
Technical Summary
CVE-2025-61977 identifies a vulnerability categorized under CWE-640 (Weak Password Recovery Mechanism for Forgotten Password) in AutomationDirect's Productivity Suite software version 4.4.1.19. The vulnerability arises from an insecure password recovery process that allows an attacker to decrypt an encrypted project by correctly answering only one recovery question. This weak mechanism undermines the confidentiality and integrity of encrypted project files, which are critical in industrial automation settings. The CVSS 4.0 score is 7.3 (high), reflecting a local attack vector (AV:L), high attack complexity (AC:H), low privileges required (PR:L), and no user interaction (UI:N). The vulnerability impacts confidentiality, integrity, and availability of project data with high impact metrics. Exploitation requires local access to the system but does not require elevated privileges or user interaction, making it a significant risk if an attacker gains physical access or an interactive remote session on the host. No patches or known exploits are currently available, indicating a window of exposure. The vulnerability was published on October 23, 2025, and assigned by ICS-CERT, emphasizing its relevance to industrial control systems security. The affected product is widely used in industrial automation for programming and managing PLCs and other control devices, making the vulnerability particularly critical in operational technology environments.
Potential Impact
For European organizations, especially those in manufacturing, energy, and critical infrastructure sectors relying on AutomationDirect's Productivity Suite, this vulnerability poses a substantial risk. Attackers exploiting this flaw can decrypt sensitive automation project files, potentially leading to intellectual property theft, sabotage, or unauthorized modifications to control logic. This could result in operational disruptions, safety hazards, and financial losses. The requirement for local access limits remote exploitation but does not eliminate risk, as insiders or attackers with physical or network-level local access could leverage this vulnerability. The high impact on confidentiality and integrity could undermine trust in automation systems and complicate compliance with data protection regulations such as GDPR if sensitive operational data is exposed. Additionally, the lack of patches increases exposure time, necessitating immediate compensating controls.
Mitigation Recommendations
1. Restrict and tightly control local access to systems running Productivity Suite, including physical security measures and network segmentation to limit lateral movement.
2. Implement strict access controls and monitor user activities on affected systems to detect unauthorized access attempts.
3. Enhance the complexity and unpredictability of recovery questions or disable the recovery mechanism if possible until a patch is available.
4. Regularly back up encrypted project files and maintain offline copies to enable recovery in case of compromise.
5. Engage with AutomationDirect for updates and apply patches promptly once released.
6. Conduct security awareness training for personnel with access to these systems, emphasizing the risks of local access compromise.
7. Employ endpoint detection and response (EDR) solutions to identify suspicious local activities related to password recovery or decryption attempts.
8. Consider deploying additional encryption layers or alternative secure storage solutions for critical project files.
Affected Countries
Germany, France, Italy, United Kingdom, Netherlands, Belgium, Poland, Spain, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: icscert
- Date Reserved: 2025-10-21T21:55:11.830Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68faa76d436a4ae5df819873
Added to database: 10/23/2025, 10:08:45 PM
Last enriched: 10/31/2025, 6:50:06 AM
Last updated: 12/7/2025, 10:42:09 PM
Views: 149