CVE-2025-36535

AutomationDirect MB-Gateway Missing Authentication for Critical Function

Description

The embedded web server lacks authentication and access controls, allowing unrestricted remote access. This could lead to configuration changes, operational disruption, or arbitrary code execution depending on the environment and exposed functionality.

Remediation

Workaround:

  • The hardware limitation of MB-Gateway does not provide for the implementation of proper access control update. AutomationDirect recommends that users plan for replacement of MB-Gateway with EKI-1221-CE https://www.automationdirect.com/adc/shopping/catalog/communications/protocol_gateways/modbus_gateways/eki-1221-ce . If an immediate replacement is not feasible, AutomationDirect recommends considering the following interim steps until the programming software can be updated:
      * Restrict network exposure: Ensure devices affected are not accessible from the Internet or untrusted networks. Place them behind firewalls.
      * Use dedicated, secure internal networks or air-gapped systems for communication with programmable devices.
      * Control Access: Restrict physical and logical access to authorized personnel only.
      * Implement Whitelisting: Use application whitelisting to allow only pre-approved and trusted access. Block untrusted or unauthorized applications.
      * Monitor and Log Activity: Enable logging and monitoring of system activities to detect potential anomalies or unauthorized actions. Regularly review logs for suspicious activity.
      * Use Secure Backup and Recovery: Regularly back up the workstation and its configurations to a secure location. Test recovery procedures to ensure minimal downtime in the event of an incident.
      * Plan for device replacement: Organizations should begin evaluating and migrating to supported hardware with active vendor support.

CVSS: 10.0
Severity: Critical
EPSS: 0.08%
Affected: AutomationDirect MB-Gateway

Frequently Asked Questions

What is the severity of CVE-2025-36535?
CVE-2025-36535 has been scored as a critical severity vulnerability.
How to fix CVE-2025-36535?
As a workaround for remediating CVE-2025-36535, AutomationDirect recommends that users plan for replacement of MB-Gateway with EKI-1221-CE, because the hardware limitation of MB-Gateway does not provide for the implementation of proper access control. If an immediate replacement is not feasible, apply the interim steps listed under Remediation above.
Is CVE-2025-36535 being actively exploited in the wild?
As of now, there is no information to confirm that CVE-2025-36535 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-36535?
CVE-2025-36535 affects AutomationDirect MB-Gateway.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.