
Critical Bug Lets Hackers Remotely Access Industrial Gateway


MB-Gateway devices manufactured by industrial automation company AutomationDirect are vulnerable to remote attacks, including those coming directly from the internet, due to a critical flaw.

The vulnerability was disclosed on Tuesday by the cybersecurity agency CISA, which issued an advisory stating that the affected Modbus gateway product is used globally, including in critical infrastructure systems. 

CISA identified the flaw as CVE-2025-36535. It received a maximum CVSS score of 10 and is caused by missing authentication in the product's embedded webserver, potentially enabling unrestricted remote access. 

Due to hardware limitations, AutomationDirect cannot release an access control update to fix the problem. Instead, the company is advising customers to replace the MB-Gateway product with the EKI-1221-CE gateway. 

Souvik Kandar, a researcher at Microsec who discovered the issue, told SecurityWeek that the vulnerability is exploitable remotely over the internet. He noted that more than 100 web-exposed devices could be affected. 

“The issue comes from the absence of authentication on the device’s embedded web interface. Anyone with internet access can reach the configuration panel without using any login credentials,” Kandar explained. 

He added that the exposed interface reveals sensitive device information such as internal IP addresses, firmware versions, Modbus configurations, and serial communication settings. 

Kandar warned that exploitation of this vulnerability could have serious consequences in certain industrial settings. An attacker might be able to remotely alter device configurations, disrupt or manipulate Modbus communications, gather detailed network and system information to move laterally, and in some cases, execute arbitrary code depending on the device’s setup and exposed functions. 
