AutomationDirect MB-Gateway
Plan Patch | CVSS 10 | ICS-CERT ICSA-25-140-09 | May 20, 2025
AutomationDirect
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
The MB-Gateway contains an improper access control vulnerability that allows an attacker to make configuration changes, disrupt operations, or achieve arbitrary code execution. The vulnerability affects all versions of the MB-Gateway. AutomationDirect has determined that the hardware limitations of the device do not permit implementation of proper access controls and has no plan to issue a firmware fix. The vendor recommends replacement with the EKI-1221-CE.
What this means
What could happen
An attacker with network access to the MB-Gateway could change device configuration, halt operations, or run arbitrary code. Since this device is typically used in industrial automation and data gateway roles, compromise could directly affect manufacturing processes, tank levels, pump operation, or equipment sequencing.
Who's at risk
Organizations operating industrial automation and control systems that use the AutomationDirect MB-Gateway as a data gateway or communication bridge should be concerned. This includes water utilities with SCADA/DCS systems, wastewater treatment facilities, power distribution control systems, and manufacturers using the gateway for process monitoring or remote I/O connectivity.
How it could be exploited
An attacker on the network (either directly or via a compromised internal system) sends an unauthenticated request to the MB-Gateway. The device processes the request without validating the source or requiring credentials, allowing the attacker to issue commands that modify configuration or execute code on the gateway.
Prerequisites
- Network access to the MB-Gateway (direct or via a compromised internal system)
- No valid credentials required; the vulnerability is exploitable from an unauthenticated network position

- Remotely exploitable
- No authentication required
- Low complexity attack
- No patch available (end-of-life product)
- CVSS score 10 (critical)
- Affects industrial automation and process control
Exploitability
Unlikely to be exploited — EPSS score 0.4%
Affected products (1)
Product | Affected Versions | Fix Status
MB-Gateway: vers:all/* | All versions | No fix (EOL)
Remediation & Mitigation
Do now
- HARDENING: Restrict network access to MB-Gateway: Place the device behind a firewall and limit access to only authorized engineering workstations and control systems. Block all external and untrusted network access.
- HARDENING: Air-gap or isolate the MB-Gateway on a dedicated, physically separate internal network with no external connectivity.
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HARDENING: Enable logging and monitoring on the MB-Gateway and connected systems. Regularly review logs for unauthorized configuration changes or suspicious command attempts.
- HARDENING: Create and test regular backups of MB-Gateway configuration to a secure, offline location. Document recovery procedures to minimize downtime if the device is compromised.
- HOTFIX: Plan and execute replacement of MB-Gateway with the EKI-1221-CE, which has active vendor support and can receive security updates.
Mitigations - no patch available
MB-Gateway: vers:all/* has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Restrict physical access to the MB-Gateway and connected engineering workstations to authorized personnel only.
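One way to check that the network restriction above is actually holding, and to support the log review step: this added example (not part of the advisory or any vendor tooling) audits firewall flow records for traffic that reached the gateway from a source outside the approved allowlist. The gateway address, allowlist, log format and sample records are all assumptions constructed for illustration.

```python
"""Audit firewall flow records for traffic reaching an MB-Gateway from
sources outside the approved allowlist. All addresses are constructed."""
import csv
import io
import ipaddress

# Assumptions (not from the advisory): gateway address, allowlist, log format.
GATEWAY = ipaddress.ip_address("10.20.30.40")
ALLOWED_SOURCES = [
    ipaddress.ip_network("10.20.30.10/32"),  # engineering workstation
    ipaddress.ip_network("10.20.31.0/28"),   # control system subnet
]

# Constructed sample records: timestamp,src,dst,dport,action
SAMPLE_LOG = """\
2025-05-21T08:00:01Z,10.20.30.10,10.20.30.40,80,allow
2025-05-21T08:02:17Z,10.20.31.5,10.20.30.40,502,allow
2025-05-21T08:05:44Z,10.20.40.77,10.20.30.40,502,allow
2025-05-21T08:06:02Z,192.0.2.15,10.20.30.40,80,deny
2025-05-21T08:07:30Z,10.20.31.5,10.20.30.99,502,allow
not,a,valid,record
"""

def audit(log_text):
    """Return (exposures, blocked, skipped): permitted flows to the gateway
    from non-allowlisted sources, denied attempts from such sources, and
    the number of malformed records."""
    exposures, blocked, skipped = [], [], 0
    for row in csv.reader(io.StringIO(log_text)):
        try:
            ts, src, dst, dport, action = row
            src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            dport = int(dport)
        except ValueError:
            skipped += 1
            continue
        if dst != GATEWAY or any(src in net for net in ALLOWED_SOURCES):
            continue  # other destination, or an approved source
        record = (ts, str(src), dport)
        (exposures if action == "allow" else blocked).append(record)
    return exposures, blocked, skipped

if __name__ == "__main__":
    exposures, blocked, skipped = audit(SAMPLE_LOG)
    for ts, src, port in exposures:
        print(f"EXPOSURE {ts} {src} reached gateway port {port}")
    for ts, src, port in blocked:
        print(f"BLOCKED  {ts} {src} tried gateway port {port}")
    print(f"{skipped} malformed record(s) skipped")
```

An entry in the exposures list means the firewall policy has a gap that should be closed; an entry in the blocked list means the policy held but the source is worth investigating.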
CVEs (1)