
CVE-2025-36535: CWE-306 Missing Authentication for Critical Function in AutomationDirect MB-Gateway

Critical
Tags: Vulnerability, CVE-2025-36535, CWE-306
Published: Wed May 21 2025 (05/21/2025, 19:52:13 UTC)
Source: CVE
Vendor/Project: AutomationDirect
Product: MB-Gateway

Description

The embedded web server lacks authentication and access controls, allowing unrestricted remote access. This could lead to configuration changes, operational disruption, or arbitrary code execution depending on the environment and exposed functionality.

AI-Powered Analysis

Last updated: 07/07/2025, 09:56:43 UTC

Technical Analysis

CVE-2025-36535 is a critical vulnerability identified in the AutomationDirect MB-Gateway product, an industrial automation device used for communication and control in various operational technology (OT) environments. The vulnerability is classified under CWE-306, Missing Authentication for Critical Function. Specifically, the embedded web server within the MB-Gateway lacks any form of authentication or access control. This design flaw allows any remote attacker to access the device's web interface without credentials or restrictions. As a result, an attacker can perform unauthorized configuration changes, disrupt normal operations, or potentially execute arbitrary code, depending on the device's environment and the functionality exposed through the web server. The vulnerability affects all versions of the MB-Gateway product, making it a widespread risk for all users of this device. The CVSS 4.0 base score is 10.0, reflecting the highest severity: the attack vector is network (AV:N), attack complexity is low (AC:L), no privileges are required and there are no attack requirements (PR:N, AT:N), and no user interaction is needed (UI:N). The impact on confidentiality, integrity, and availability is rated high, and the scope is high, indicating that exploitation can affect components beyond the vulnerable device itself. Although no known exploits are currently reported in the wild, the ease of exploitation and critical impact make this a significant threat to industrial control systems relying on MB-Gateway devices.

Potential Impact

For European organizations, especially those operating in critical infrastructure sectors such as manufacturing, energy, utilities, and transportation, this vulnerability poses a severe risk. The MB-Gateway is commonly used in industrial automation to facilitate communication between different control systems and networks. Exploitation could lead to unauthorized changes in control logic, causing operational disruptions, safety hazards, or production downtime. Additionally, the possibility of arbitrary code execution could allow attackers to establish persistent footholds within OT networks, potentially leading to espionage, sabotage, or ransomware attacks. The lack of authentication means that attackers can remotely compromise devices without needing insider access or user interaction, increasing the likelihood of successful attacks. Given the interconnected nature of European industrial networks and the increasing adoption of Industry 4.0 technologies, this vulnerability could have cascading effects, impacting supply chains and critical services.

Mitigation Recommendations

Immediate mitigation should focus on isolating MB-Gateway devices from untrusted networks by implementing strict network segmentation and firewall rules to restrict access to the embedded web server. Organizations should deploy virtual private networks (VPNs) or secure jump hosts for any remote management needs. Since no patches are currently available, monitoring network traffic for unusual access patterns or unauthorized configuration changes is critical. Implementing intrusion detection systems (IDS) tailored for industrial protocols can help detect exploitation attempts. Additionally, organizations should conduct thorough asset inventories to identify all MB-Gateway devices and assess their exposure. Where possible, replace or upgrade devices with more secure alternatives that enforce authentication. Finally, establishing incident response plans specific to OT environments will help contain and remediate potential breaches stemming from this vulnerability.
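As an added illustration of the monitoring step above (this is example code, not part of the advisory or of any AutomationDirect tooling), the following Python check scans firewall or flow log lines for accepted connections to an MB-Gateway's web interface that originate outside an allow-listed management subnet. The log format, the gateway address, the management subnet and the assumption that the web server listens on TCP port 80 are all constructed placeholders.

```python
import ipaddress
import re

# Assumed values (placeholders, not from the advisory): the gateway's web
# server port, the inventoried gateway addresses and the management subnet
# that is the only network permitted to reach the web interface.
GATEWAY_HTTP_PORT = 80
GATEWAYS = {"10.20.0.7"}
ALLOWED_MGMT_NETS = [ipaddress.ip_network("10.10.5.0/24")]

# Constructed sample of firewall log lines in a simple key=value form.
SAMPLE_LOG = """\
2025-05-22T08:01:10Z src=10.10.5.14 dst=10.20.0.7 dport=80 action=ACCEPT
2025-05-22T08:02:31Z src=192.168.77.9 dst=10.20.0.7 dport=80 action=ACCEPT
2025-05-22T08:03:05Z src=10.10.5.14 dst=10.20.0.7 dport=502 action=ACCEPT
2025-05-22T08:04:47Z src=203.0.113.45 dst=10.20.0.7 dport=80 action=ACCEPT
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) action=(?P<action>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    return rec


def is_allowed_source(src):
    """True if the source address lies inside an allow-listed management subnet."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in ALLOWED_MGMT_NETS)


def find_unauthorized_web_access(log_text):
    """Return (timestamp, source) pairs for accepted connections to a gateway's
    web port from outside the management subnet; these are the events a
    segmentation rule should have blocked and that warrant investigation."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if (rec["dst"] in GATEWAYS and rec["dport"] == GATEWAY_HTTP_PORT
                and rec["action"] == "ACCEPT" and not is_allowed_source(rec["src"])):
            hits.append((rec["ts"], rec["src"]))
    return hits
```

Running the check over the constructed sample reports the two accepted web-port connections from 192.168.77.9 and 203.0.113.45, while the Modbus/TCP (port 502) traffic from the management host is ignored.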


Technical Details

Data Version
5.1
Assigner Short Name
icscert
Date Reserved
2025-05-14T16:57:44.359Z
Cisa Enriched
false
Cvss Version
4.0
State
PUBLISHED

Threat ID: 682e44190acd01a24924ee8d

Added to database: 5/21/2025, 9:22:33 PM

Last enriched: 7/7/2025, 9:56:43 AM

Last updated: 8/15/2025, 12:28:10 AM
