ICSA-25-296-01  ·  Published 2025-10-23

AutomationDirect Productivity Suite

CVSS 10.0 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could enable an attacker to execute arbitrary code, disclose information, gain full-control access to projects, or obtain read and write access to files.

Remediations

AutomationDirect recommends that users do the following:

  • Update the Productivity Suite programming software to version 4.5.0.x or higher.
  • Update the firmware of Productivity PLCs to the latest version. https://www.automationdirect.com/support/software-downloads
  • Although automation networks and systems come equipped with built-in password protection mechanisms, this represents a fraction of the security measures needed to safeguard these systems.
  • It is imperative that automation control system networks integrate data protection and security measures that match, if not exceed, the robustness of conventional business computer systems.
  • AutomationDirect advises users of PLCs, HMI products, and SCADA systems to conduct a thorough network security analysis to ascertain the appropriate level of security necessary for their specific application.

AutomationDirect has identified the following mitigations for instances where systems cannot be upgraded to the latest version:

  • Physically disconnect the PLC from any external networks, including the internet, local area networks (LANs), and other interconnected systems.
  • Configure network segmentation to isolate the PLC from other devices and systems within the organization.
  • Implement firewall rules or network access control (NAC) policies to block incoming and outgoing traffic to the PLC.

Please refer to AutomationDirect's security considerations for additional information.

If you have any questions regarding this issue, please contact AutomationDirect Technical Support at 770-844-4200 or 800-633-0405 for further assistance.

Affected Vendors

AutomationDirect

Affected Products (8)

AutomationDirect · Productivity Suite <=v4.4.1.19
AutomationDirect · Productivity 3000 P3-622 CPU <=SW_v4.4.1.19
AutomationDirect · Productivity 3000 P3-550E CPU <=SW_v4.4.1.19
AutomationDirect · Productivity 3000 P3-530 CPU <=SW_v4.4.1.19
AutomationDirect · Productivity 2000 P2-622 CPU <=SW_v4.4.1.19
AutomationDirect · Productivity 2000 P2-550 CPU <=SW_v4.4.1.19
AutomationDirect · Productivity 1000 P1-550 CPU <=SW_v4.4.1.19
AutomationDirect · Productivity 1000 P1-540 CPU <=SW_v4.4.1.19
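
An added example, not part of the advisory or of any AutomationDirect tooling: a small triage script that checks an asset inventory against the product list and the `<=4.4.1.19` bound above. The inventory rows, host names, status labels and the assumption that versions are reported as four dotted numbers (optionally prefixed `v` or `SW_v`) are all constructed for illustration.

```python
import re

AFFECTED_MAX = (4, 4, 1, 19)   # advisory: affected versions are <= 4.4.1.19
SUITE_FIXED_MIN = (4, 5, 0)    # advisory: update Productivity Suite to 4.5.0.x or higher

# Product names as listed under "Affected Products".
AFFECTED_PRODUCTS = {
    "Productivity Suite",
    "Productivity 3000 P3-622 CPU", "Productivity 3000 P3-550E CPU",
    "Productivity 3000 P3-530 CPU",
    "Productivity 2000 P2-622 CPU", "Productivity 2000 P2-550 CPU",
    "Productivity 1000 P1-550 CPU", "Productivity 1000 P1-540 CPU",
}

def parse_version(text):
    """Turn 'v4.4.1.19', 'SW_v4.4.1.19' or '4.5.0.3' into a 4-part int tuple."""
    m = re.fullmatch(r"(?:SW_)?v?(\d+(?:\.\d+){1,3})", text.strip(), re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (4 - len(parts))  # pad so '4.5' compares as 4.5.0.0

def classify(product, version):
    """Classify one asset against the advisory's product list and version bound."""
    if product not in AFFECTED_PRODUCTS:
        return "not-listed"
    v = parse_version(version)
    if v <= AFFECTED_MAX:
        return "affected"
    if product == "Productivity Suite" and v[:3] < SUITE_FIXED_MIN:
        return "below-recommended"
    # Outside the listed range only; for PLC firmware the advisory still says "latest".
    return "not-in-affected-range"

# Constructed inventory: (host, product, reported version). All values are made up.
INVENTORY = [
    ("eng-ws-01", "Productivity Suite", "v4.4.1.19"),
    ("eng-ws-02", "Productivity Suite", "4.5.0.3"),
    ("line-a-plc", "Productivity 2000 P2-622 CPU", "SW_v4.3.2.5"),
    ("line-b-plc", "Productivity 1000 P1-540 CPU", "SW_v4.5.0.1"),
    ("hmi-07", "Example HMI (not in advisory)", "1.0"),
]

def triage(inventory):
    return {host: classify(product, version) for host, product, version in inventory}

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host:12} {status}")
```

Assets reported as `affected` that cannot be updated are the ones the isolation mitigations under Remediations apply to.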

Affected Sectors

Critical Manufacturing
