ProSoft Technology ICX35-HWC cellular gateways contain a critical authentication bypass vulnerability that grants unauthenticated remote attackers complete administrative control over the device.

A flaw in the firmware's web user interface allows attackers to circumvent the authentication mechanism entirely, providing unauthenticated access to all administrative settings and configuration functions.

An attacker with administrative access can redirect network traffic, disable communications, or use the gateway as a pivot point into the internal industrial network. The CVSS score of 9.1 highlights the severe risk to critical infrastructure connectivity.

Immediate Action: Update the ICX35-HWC firmware to a version newer than 1.3 immediately to resolve the authentication flaw.

Proactive Monitoring: Monitor for unauthorized configuration changes and review device logs for administrative logins from unexpected external IP addresses.

Compensating Controls: Disable the web management interface on the cellular (WAN) side and require a secure VPN connection for any remote administrative access.

Public Exploit Available: false

Administrative access bypasses on gateway devices are high-impact events. It is critical to update the firmware on all ProSoft ICX35-HWC units to prevent unauthorized actors from seizing control of remote communication links.