CVE-2025-36535

Critical CVSS: 10.0

The embedded web server lacks authentication and access controls, allowing unrestricted remote access. This could lead to configuration changes, operational disruption, or arbitrary code execution depending on the environment and exposed functionality.

Vendor

Product

CWE

CWE-306

Yayın Tarihi

2025-05-21 20:15:31

Güncelleme

2025-05-21 20:24:58

Source Identifier

ics-cert@hq.dhs.gov

KEV Date Added

Kategoriler

CWE-306 CRITICAL 2025

Referanslar

https://www.automationdirect.com/adc/shopping/catalog/communications/protocol_gateways/modbus_gateways/eki-1221-ce https://www.cisa.gov/news-events/ics-advisories/icsa-25-140-09