- Description
- The embedded web server lacks authentication and access controls, allowing unrestricted remote access. This could lead to configuration changes, operational disruption, or arbitrary code execution depending on the environment and exposed functionality.
- Source
- ics-cert@hq.dhs.gov
- NVD status
- Deferred
- CNA Tags
- unsupported-when-assigned
CVSS 4.0
- Type
- Secondary
- Base score
- 10
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
CVSS 3.1
- Type
- Secondary
- Base score
- 10
- Impact score
- 6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- ics-cert@hq.dhs.gov
- CWE-306
- Hype score
- Not currently trending
Critical Flaw Allows Remote Hacking of AutomationDirect Industrial Gateway More than 100 AutomationDirect MB-Gateway devices may be vulnerable to attacks from the internet due to CVE-2025-36535. The post Critical Flaw Allows Remote Hacking of AutomationDirect Industrial Gatew...
@SecurityAid
28 Jun 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-36535
@transilienceai
23 May 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
More than 100 AutomationDirect MB-Gateway devices may be vulnerable to attacks from the internet due to CVE-2025-36535. Read more: https://t.co/QqwyS1H86U #TheWorldwideThreat #TWWTPodcast #Hacking #CyberThreat #News
@WThreat59380
22 May 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚡️The vulnerability details are now available: https://t.co/YZANxqF1mM 🚨🚨CVE-2025-36535 (CVSS: 10) hits AutomationDirect MB-Gateway HARD! No authentication needed for remote access to critical functions. Attackers can tamper configs, disrupt ops, or even execute arbit
@zoomeye_team
22 May 2025
328 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
産業用自動化機器メーカーAutomationDirectのMB-Gateway製品に、インターネット経由でも悪用可能な重大な脆弱性(CVE-2025-36535)が存在するとCISAが発表した。 組み込みWebサーバに認証が存在しないため、誰でも設定
@yousukezan
21 May 2025
726 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
[CVE-2025-36535: CRITICAL] Unsecured embedded web servers pose significant cyber threats by granting unauthorized remote access, potentially causing critical system compromise or data breaches. #CyberSecurity#cve,CVE-2025-36535,#cybersecurity https://t.co/WO8U3ueRE2 https://t.co/
@CveFindCom
21 May 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes