Critical flaw allows remote hacking of AutomationDirect industrial gateway

MB-Gateway devices made by industrial automation firm AutomationDirect are exposed to remote attacks — including directly from the internet — due to a critical vulnerability.

The existence of the vulnerability was disclosed on Tuesday by the cybersecurity agency CISA, which noted in its advisory that the vulnerable Modbus gateway product is used worldwide, including in critical infrastructure. 

CISA described the vulnerability, which is tracked as CVE-2025-36535 and has a CVSS score of 10, as a missing authentication issue in the product’s embedded webserver, potentially allowing unrestricted remote access.

Read more at SecurityWeek