AutomationDirect MB-Gateway Missing Authentication Vulnerability Allowing Unrestricted Remote Access

A vulnerability exists in the AutomationDirect MB-Gateway product, specifically the EKI-1221-CE model, all versions. The embedded web server lacks authentication and access controls, enabling unrestricted remote access. This vulnerability could lead to unauthorized configuration changes, operational disruptions, or arbitrary code execution, depending on the environment and exposed functionality.

Impact

Exploitation of this vulnerability could allow an attacker to gain unauthorized remote access, potentially leading to configuration changes, disruption of operations, or arbitrary code execution on the affected system.

Remediation

AutomationDirect recommends replacing the MB-Gateway with the EKI-1221-CE model. If immediate replacement is not possible, users should restrict network exposure, control access, implement application whitelisting, monitor and log activity, use secure backup and recovery practices, and plan for device replacement. CISA also advises using secure remote access methods, such as VPNs, and following recommended cybersecurity strategies for proactive defense of ICS assets.