Vulnerability Management, Critical Infrastructure Security, Patch/Configuration Management
Maximum severity AutomationDirect gateway bug threatens remote intrusions

Industrial automation firm AutomationDirect's MB-Gateway devices, which are used by critical infrastructure organizations worldwide, are affected by a maximum-severity missing authentication vulnerability, tracked as CVE-2025-36535, which could be exploited for remote intrusions, SecurityWeek reports.
More than 100 internet-exposed AutomationDirect MB-Gateway instances could be compromised in such intrusions, according to Microsec researcher Souvik Kandar, who discovered that the flaw stems from inadequate authentication in the device's embedded web interface. "The exposed interface leaks sensitive device parameters such as internal IPs, firmware versions, Modbus configuration, and serial communication settings," said Kandar, who noted that unauthenticated access to the configuration panel requires nothing more than an internet connection. Organizations using the vulnerable MB-Gateway devices have been urged to replace them with the EKI-1221-CE gateway, with the Cybersecurity and Infrastructure Security Agency noting that the device's hardware restrictions prevent appropriate access control updates from being implemented.