CVE-2025-36535

Name of the Vulnerable Software and Affected Versions AutomationDirect MB-Gateway (affected versions not specified)

Description The embedded web server lacks authentication and access controls, allowing unrestricted remote access. This could lead to configuration changes, operational disruption, or arbitrary code execution depending on the environment and exposed functionality. More than 100 devices may be vulnerable to attacks from the internet. The issue poses significant cyber threats by granting unauthorized remote access, potentially causing critical system compromise or data breaches. It exposes industrial systems to remote hacking via the web interface, allowing unauthorized access and potential manipulation of Modbus communications.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.