VYPR
Vendor: AutomationDirect

Products: 20
CVEs: 48
Across products: 59
Status: Private

Recent CVEs

  • CVE-2025-61934 (Critical), Oct 23, 2025
    risk 0.65, cvss 10.0, epss 0.01

    A binding to an unrestricted IP address vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read, write, or delete arbitrary files…

  • CVE-2025-36535 (Critical), May 21, 2025
    risk 0.65, cvss 10.0, epss 0.01

    The embedded web server lacks authentication and access controls, allowing unrestricted remote access. This could lead to configuration changes, operational disruption, or arbitrary code execution depending on the environment and exposed functionality.

  • CVE-2025-0960 (Critical), Feb 4, 2025
    risk 0.64, cvss 9.8, epss 0.01

    AutomationDirect C-more EA9 HMI contains a function with bounds checks that can be skipped, which could result in an attacker abusing the function to cause a denial-of-service condition or achieving remote code execution on the affected device.

  • CVE-2025-62498 (High), Oct 23, 2025
    risk 0.57, cvss 8.8, epss 0.01

    A relative path traversal (ZipSlip) vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an attacker who can tamper with a productivity project to execute arbitrary code on the machine where the project is opened.

  • CVE-2025-55069 (High), Sep 23, 2025
    risk 0.54, cvss 8.3, epss 0.00

    A predictable seed in pseudo-random number generator vulnerability has been discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software implements a predictable seed for its pseudo-random number generator, which compromises…

  • CVE-2017-14020 (High), Nov 13, 2017
    risk 0.51, cvss 7.8, epss 0.01

    In AutomationDirect CLICK Programming Software (Part Number C0-PGMSW) Versions 2.10 and prior; C-More Programming Software (Part Number EA9-PGMSW) Versions 6.30 and prior; C-More Micro (Part Number EA-PGMSW) Versions 4.20.01.0 and prior; Do-more Designer Software (Part Number…

  • CVE-2025-58429 (High), Oct 23, 2025
    risk 0.49, cvss 7.5, epss 0.01

    A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary files on the target machine.

  • CVE-2025-58078 (High), Oct 23, 2025
    risk 0.49, cvss 7.5, epss 0.01

    A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and write files with arbitrary data on the target…

  • CVE-2024-25136 (High), Mar 26, 2024
    risk 0.49, cvss 7.5, epss 0.01

    There is a function in AutomationDirect C-MORE EA9 HMI that allows an attacker to send a relative path in the URL without proper sanitizing of the content.

  • CVE-2025-62688 (High), Oct 23, 2025
    risk 0.46, cvss 7.1, epss 0.00

    An incorrect permission assignment for a critical resource vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an attacker with low-privileged credentials to change their role, gaining full control access to the project.

  • CVE-2025-61977 (High), Oct 23, 2025
    risk 0.46, cvss 7.0, epss 0.00

    A weak password recovery mechanism for forgotten password vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an attacker to decrypt an encrypted project by answering just one recovery question.

  • CVE-2025-58456 (Medium), Oct 23, 2025
    risk 0.44, cvss 6.8, epss 0.01

    A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read arbitrary files on the target machine.

  • CVE-2025-55038 (Medium), Sep 23, 2025
    risk 0.44, cvss 6.8, epss 0.00

    An authorization bypass vulnerability has been discovered in the Click Plus C2-03CPU2 device firmware version 3.60. Through the KOPR protocol utilized by the Remote PLC application, authenticated users with low-level access permissions can exploit this vulnerability to read and…

  • CVE-2024-25138 (Medium), Mar 26, 2024
    risk 0.42, cvss 6.5, epss 0.00

    In AutomationDirect C-MORE EA9 HMI, credentials used by the platform are stored as plain text on the device.

  • CVE-2025-57882 (Medium), Sep 23, 2025
    risk 0.38, cvss 5.9, epss 0.00

    An improper resource shutdown or release vulnerability has been identified in the Click Plus C2-03CPU-2 device running firmware version 3.60. The vulnerability allows an unauthenticated attacker to perform a denial-of-service attack by exhausting all available device sessions in…

  • CVE-2025-58069 (Medium), Sep 23, 2025
    risk 0.34, cvss 5.3, epss 0.00

    The use of a hard-coded cryptographic key was discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software contains a hard-coded AES key used to protect the initial messages of a new KOPS session.

  • CVE-2024-25137 (Medium), Mar 26, 2024
    risk 0.28, cvss 4.3, epss 0.00

    In AutomationDirect C-MORE EA9 HMI there is a program that copies a buffer of a size controlled by the user into a limited sized buffer on the stack which may lead to a stack overflow. The result of this stack-based buffer overflow can lead to denial-of-service conditions.

  • CVE-2025-54855 (Medium), Sep 23, 2025
    risk 0.27, cvss 4.2, epss 0.00

    Cleartext storage of sensitive information was discovered in Click Programming Software version v3.60. The vulnerability can be exploited by a local user with access to the file system, while an administrator session is active, to steal credentials stored in clear text.

  • CVE-2025-60023 (Medium), Oct 23, 2025
    risk 0.26, cvss 4.0, epss 0.00

    A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary directories on the target machine.

  • CVE-2025-59776 (Medium), Oct 23, 2025
    risk 0.26, cvss 4.0, epss 0.00

    A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and create arbitrary directories on the target machine.