CVE-2026-60140: CWE-125 in AutomationDirect Productivity Suite
CVE-2026-60140 is an out-of-bounds read vulnerability in AutomationDirect's Productivity Suite. A local attacker with low privileges can send a crafted IOCTL request that triggers kernel memory corruption. This may expose sensitive information or cause the product to become unstable or unavailable. The vulnerability has a CVSS score of 6.1, indicating medium severity. No patch or official remediation has been confirmed at this time.
AI Analysis
Technical Summary
This vulnerability (CWE-125) involves an out-of-bounds read in the Productivity Suite by AutomationDirect. A local attacker with low privileges can exploit this by sending a specially crafted IOCTL request, leading to kernel memory corruption. The impact includes potential exposure of sensitive information and denial of service due to instability or unavailability of the affected product. The CVSS vector indicates local attack vector, low attack complexity, no user interaction, and partial confidentiality impact with high availability impact. No vendor advisory or patch information is currently available.
Potential Impact
Successful exploitation can result in exposure of sensitive information due to out-of-bounds memory reads and can cause the affected product to become unstable or unavailable, impacting system availability. Confidentiality impact is limited, integrity is not affected, and availability impact is high.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, restrict local access to trusted users only to reduce risk of exploitation.
CVE-2026-60140: CWE-125 in AutomationDirect Productivity Suite
Description
CVE-2026-60140 is an out-of-bounds read vulnerability in AutomationDirect's Productivity Suite. A local attacker with low privileges can send a crafted IOCTL request that triggers kernel memory corruption. This may expose sensitive information or cause the product to become unstable or unavailable. The vulnerability has a CVSS score of 6.1, indicating medium severity. No patch or official remediation has been confirmed at this time.
CVSS v3.1
Score 6.1medium
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CWE-125) involves an out-of-bounds read in the Productivity Suite by AutomationDirect. A local attacker with low privileges can exploit this by sending a specially crafted IOCTL request, leading to kernel memory corruption. The impact includes potential exposure of sensitive information and denial of service due to instability or unavailability of the affected product. The CVSS vector indicates local attack vector, low attack complexity, no user interaction, and partial confidentiality impact with high availability impact. No vendor advisory or patch information is currently available.
Potential Impact
Successful exploitation can result in exposure of sensitive information due to out-of-bounds memory reads and can cause the affected product to become unstable or unavailable, impacting system availability. Confidentiality impact is limited, integrity is not affected, and availability impact is high.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, restrict local access to trusted users only to reduce risk of exploitation.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- icscert
- Date Reserved
- 2026-07-09T15:00:24.535Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a593c8b68715ace43a4aac3
Added to database: 07/16/2026, 20:18:19 UTC
Last enriched: 07/16/2026, 20:32:59 UTC
Last updated: 07/17/2026, 01:05:49 UTC
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.