CVE-2025-61977 - Vulnerability Details

A weak password recovery mechanism for forgotten password vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an attacker to decrypt an encrypted project by answering just one recovery question.

Attack Vector Local

Attack Complexity High

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Automationdirect	P1-540 P1-550 P2-550 P2-622 P3-530 P3-550e P3-622 Productivity Suite

No data.

References

Link	Providers
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-296-01.json
https://support.automationdirect.com/docs/securityconsiderations.pdf
https://www.automationdirect.com/support/software-downloads
https://www.cisa.gov/news-events/ics-advisories/icsa-25-296-01

History

Fri, 24 Oct 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 24 Oct 2025 10:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Automationdirect Automationdirect p1-540 Automationdirect p1-550 Automationdirect p2-550 Automationdirect p2-622 Automationdirect p3-530 Automationdirect p3-550e Automationdirect p3-622 Automationdirect productivity Suite
Vendors & Products		Automationdirect Automationdirect p1-540 Automationdirect p1-550 Automationdirect p2-550 Automationdirect p2-622 Automationdirect p3-530 Automationdirect p3-550e Automationdirect p3-622 Automationdirect productivity Suite

Thu, 23 Oct 2025 22:00:00 +0000

Type	Values Removed	Values Added
Description		A weak password recovery mechanism for forgotten password vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an attacker to decrypt an encrypted project by answering just one recovery question.
Title		AutomationDirect Productivity Suite Weak Password Recovery Mechanism for Forgotten Password
Weaknesses		CWE-640
References		https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-296-01.json https://support.automationdirect.com/docs/securityconsiderations.pdf https://www.automationdirect.com/support/software-downloads https://www.cisa.gov/news-events/ics-advisories/icsa-25-296-01
Metrics		cvssV3_1 `{'score': 7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}` cvssV4_0 `{'score': 7.3, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2025-10-23T21:51:56.523Z

Updated: 2025-10-24T14:34:02.891Z

Reserved: 2025-10-21T21:55:11.830Z

Link: CVE-2025-61977

Vulnrichment

Updated: 2025-10-24T14:33:57.932Z

NVD

Status : Awaiting Analysis

Published: 2025-10-23T22:15:48.887

Modified: 2025-10-27T13:20:15.637

Link: CVE-2025-61977

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object