OTPulse

AutomationDirect MB-Gateway

Act Now · CVSS 10 · ICS-CERT ICSA-25-140-09 · May 20, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

MB-Gateway contains an improper access control vulnerability (CWE-306) that allows unauthenticated attackers to modify device configuration, disrupt Modbus communications, or execute arbitrary code. The vulnerability affects all versions of MB-Gateway. The underlying hardware architecture prevents implementation of proper authentication mechanisms. AutomationDirect recommends migration to the EKI-1221-CE hardware platform as the permanent solution.

What this means
What could happen
An attacker with network access to MB-Gateway could reconfigure device settings, interrupt normal operations (gateway stops relaying data between Modbus devices), or execute arbitrary code to alter process behavior across connected industrial equipment.
Who's at risk
Water and electric utility operations that use AutomationDirect MB-Gateway devices to communicate with Modbus-based PLCs, sensors, and other industrial equipment. This includes any facility with legacy Modbus networks where MB-Gateway bridges automation protocols.
How it could be exploited
An attacker sends unauthenticated network requests to MB-Gateway (Modbus gateway port) from any network location. The device lacks access control, so the attacker can read the firmware, modify configuration, or inject code without any credentials or user interaction.
Prerequisites
  • Network reachability to MB-Gateway device on its service port
  • No authentication required
  • Device does not need to be Internet-exposed; can be exploited from any trusted network
Remotely exploitable · No authentication required · Low complexity attack · Hardware limitation means no vendor patch possible · CVSS 10.0 (critical) · All versions affected
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
Product | Affected Versions | Fix Status
MB-Gateway: vers:all/* | All versions | No fix (EOL)
Remediation & Mitigation
Do now
  • WORKAROUND: Place MB-Gateway devices behind firewalls and restrict network access to authorized engineering workstations only
  • WORKAROUND: Implement air-gapped or dedicated secure internal networks for all Modbus communications involving MB-Gateway
  • HARDENING: Restrict physical access to MB-Gateway and connected engineering workstations to authorized personnel only
  • HARDENING: Enable logging and monitoring of network traffic to and from MB-Gateway; review logs regularly for unusual connection patterns or unauthorized configuration changes
  • WORKAROUND: If remote access to MB-Gateway is necessary, route all traffic through a VPN and keep VPN software updated to the latest version
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Plan and execute replacement of MB-Gateway with EKI-1221-CE (vendor-recommended successor hardware)
  • HARDENING: Implement application whitelisting on workstations that interface with MB-Gateway to block unauthorized tools
  • HARDENING: Maintain secure backups of device configuration and test recovery procedures regularly
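
An added example, not part of the advisory or any vendor tooling: one way to carry out the firewall-allowlist and log-review items above, by flagging every source outside the authorized engineering workstations that reaches the gateway. The IP addresses, ports and flow-log layout are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumptions (not from the advisory): every address, port and the log layout
# below are constructed for illustration.
GATEWAY_IPS = {ipaddress.ip_address("10.20.0.15")}
AUTHORIZED_SOURCES = [ipaddress.ip_network("10.20.0.50/32"),  # engineering workstation
                      ipaddress.ip_network("10.20.0.51/32")]

# Constructed flow records: "<ISO time> <src> <dst> <dst port> <action>"
SAMPLE_LOG = """\
2025-05-21T08:02:11Z 10.20.0.50 10.20.0.15 502 ALLOW
2025-05-21T08:03:40Z 10.20.0.51 10.20.0.15 80 ALLOW
2025-05-21T09:17:05Z 10.30.4.22 10.20.0.15 80 ALLOW
2025-05-21T09:17:09Z 10.30.4.22 10.20.0.15 502 ALLOW
2025-05-21T09:20:00Z 10.30.4.22 10.20.0.99 502 ALLOW
2025-05-21T10:44:31Z 192.168.7.9 10.20.0.15 502 DENY
malformed line
"""

def is_authorized(src):
    return any(src in net for net in AUTHORIZED_SOURCES)

def unauthorized_gateway_flows(log_text):
    """Return {source: {"allowed": n, "denied": n, "ports": set}} for every
    non-allowlisted source that tried to reach a gateway address."""
    findings = defaultdict(lambda: {"allowed": 0, "denied": 0, "ports": set()})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip records that do not match the assumed layout
        _, src, dst, port, action = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port_no = int(port)
        except ValueError:
            continue
        if dst_ip not in GATEWAY_IPS or is_authorized(src_ip):
            continue
        entry = findings[str(src_ip)]
        entry["allowed" if action == "ALLOW" else "denied"] += 1
        entry["ports"].add(port_no)
    return dict(findings)

if __name__ == "__main__":
    for src, f in sorted(unauthorized_gateway_flows(SAMPLE_LOG).items()):
        # An allowed flow means the firewall is not enforcing the allowlist.
        level = "ALERT" if f["allowed"] else "info"
        print(f"{level}: {src} allowed={f['allowed']} denied={f['denied']} ports={sorted(f['ports'])}")
```

An allowed flow from a non-allowlisted source shows the firewall rule set is not enforcing the restriction; a denied one shows the rule working and is still worth reviewing.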