CVE-2025-36535

The embedded web server lacks authentication and access controls, allowing unrestricted remote access. This could lead to configuration changes, operational disruption, or arbitrary code execution depending on the environment and exposed functionality.

CVSS

No CVSS.

References

Link	Resource
https://www.automationdirect.com/adc/shopping/catalog/communications/protocol_gateways/modbus_gateways/eki-1221-ce
https://www.cisa.gov/news-events/ics-advisories/icsa-25-140-09

Configurations

No configuration.

History

21 May 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-21 20:15

Updated : 2025-05-21 20:24

NVD link : CVE-2025-36535

Mitre link : CVE-2025-36535

JSON object : View

Products Affected

No product.

CWE

CWE-306

Missing Authentication for Critical Function

JSON object

Attach tags to CVE-2025-36535

Attach tags to `CVE-2025-36535`