AutomationDirect MB-Gateway Critical Function Missing Authentication Vulnerability (ICSA-25-140-09)

Critical Vulnerability Information 1. Vulnerability Overview Release Date: May 20, 2025 Alert Code: ICSA-25-140-09 Related Topics: Industrial Control System Vulnerabilities, Industrial Control Systems CVSS v3.1 Base Score: 10.0 Note: Remotely exploitable / Low attack complexity Vendor: AutomationDirect Device: MB-Gateway Vulnerability: Missing Authentication for Critical Function 2. Risk Assessment Successful exploitation of this vulnerability may allow an attacker to perform configuration changes, disrupt operations, or achieve arbitrary code execution. 3. Technical Details 3.1 Affected Products Affected AutomationDirect products: MB-Gateway: All versions 3.2 Vulnerability Description The embedded web server lacks authentication and access control, allowing unrestricted remote access. This could lead to configuration changes, operational disruption, or arbitrary code execution depending on the environment and exposed functions. 3.3 Background Critical Infrastructure Sector: Critical Manufacturing Deployment Countries/Regions: Global Company Headquarters Location: United States 3.4 Researcher Souvik Kandar reported this vulnerability to AutomationDirect. AutomationDirect reported the vulnerability to CISA. 4. Mitigation Measures Hardware Limitations: The MB-Gateway hardware does not support implementing appropriate access control updates. Replacement Plan: AutomationDirect recommends users plan to replace MB-Gateway with Ezi-1221-CE. Network Protection: Ensure affected devices are not accessible from the internet or untrusted networks. Dedicated Network: Use dedicated internal networks or air-gapped systems for communication with programmable devices. Access Control: Restrict physical and logical access to authorized personnel only. Application Whitelisting: Implement application whitelisting to allow only pre-approved and trusted access. Monitoring and Logging: Enable logging and system activity monitoring to detect potential anomalies or unauthorized activities. Secure Backups and Recovery: Regularly back up workstations and their configurations to secure locations. Device Replacement Plan: Organizations should begin evaluating and migrating to hardware with active support. 5. Update History May 20, 2025: Initial release

Goal Reached Thanks to every supporter — we hit 100%!

AutomationDirect MB-Gateway Critical Function Missing Authentication Vulnerability (ICSA-25-140-09)

More from this source