A critical vulnerability has been identified in MB-Gateway devices from AutomationDirect, allowing remote and internet-exposed attacks on industrial systems. The flaw impacts the deviceβs web interface, enabling unauthorized access and potential manipulation of industrial communications and configurations. #CVE-2025-36535 #ModbusGateway
Keypoints
- The vulnerability affects MB-Gateway devices used in critical infrastructure worldwide.
- The security flaw is due to missing authentication in the deviceβs embedded webserver.
- Remote attackers can exploit the vulnerability without credentials via the internet.
- Compromised devices can be manipulated to disrupt Modbus communications and modify settings.
- AutomationDirect recommends replacing impacted devices with the newer EKI-1221-CE model.