Search

Find a vulnerability

Search criteria

    52 vulnerabilities by MBS

    CVE-2026-35085 (GCVE-0-2026-35085)

    Vulnerability from nvd – Published: 2026-06-03 10:42 – Updated: 2026-07-03 08:53
    VLAI
    Title
    Stack buffer overflow in method gdv-serverconfig
    Summary
    A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    MBS Single-A Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-A Profibus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-A x-link Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Single-X Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X CAN Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X KNX Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X PROFINET Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X x-link Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+KNX Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    Credits
    Daniel Hulliger from Armasuisse Cyber-Defence campus. Damian Pfammatter from Armasuisse Cyber-Defence campus. Adrien Rey from Armasuisse Cyber Defense Campus Zurich
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-35085",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-03T12:38:10.423532Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-03T12:38:18.598Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Single-A",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-A Profibus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-A x-link",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Single-X",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X CAN",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X KNX",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X PROFINET",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X x-link",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+KNX",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:single_a_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_a_profibus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_a_x_link_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:single_x_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_can_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_knx_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_profinet_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_x_link_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_knx_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Daniel Hulliger from Armasuisse Cyber-Defence campus."
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Damian Pfammatter from Armasuisse Cyber-Defence campus."
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Adrien Rey from Armasuisse Cyber Defense Campus Zurich"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root.\u003c/p\u003e"
                }
              ],
              "value": "A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T08:53:29.811Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.certvde.com/en/advisories/VDE-2026-039/"
            }
          ],
          "source": {
            "advisory": "VDE-2026-039",
            "defect": [
              "CERT@VDE#642009"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Stack buffer overflow in method gdv-serverconfig",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-35085",
        "datePublished": "2026-06-03T10:42:22.835Z",
        "dateReserved": "2026-04-01T08:28:27.142Z",
        "dateUpdated": "2026-07-03T08:53:29.811Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-35084 (GCVE-0-2026-35084)

    Vulnerability from nvd – Published: 2026-06-03 10:42 – Updated: 2026-07-03 08:53
    VLAI
    Title
    Stack buffer overflow in method dali-devconfig
    Summary
    A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    MBS Single-A Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-A Profibus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-A x-link Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Single-X Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X CAN Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X KNX Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X PROFINET Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X x-link Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+KNX Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    Credits
    Daniel Hulliger from Armasuisse Cyber-Defence campus. Damian Pfammatter from Armasuisse Cyber-Defence campus. Adrien Rey from Armasuisse Cyber Defense Campus Zurich
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-35084",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-03T19:14:32.995589Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-03T19:14:54.458Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Single-A",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-A Profibus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-A x-link",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Single-X",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X CAN",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X KNX",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X PROFINET",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X x-link",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+KNX",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:single_a_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_a_profibus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_a_x_link_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:single_x_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_can_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_knx_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_profinet_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_x_link_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_knx_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Daniel Hulliger from Armasuisse Cyber-Defence campus."
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Damian Pfammatter from Armasuisse Cyber-Defence campus."
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Adrien Rey from Armasuisse Cyber Defense Campus Zurich"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root.\u003c/p\u003e"
                }
              ],
              "value": "A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T08:53:13.982Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.certvde.com/en/advisories/VDE-2026-039/"
            }
          ],
          "source": {
            "advisory": "VDE-2026-039",
            "defect": [
              "CERT@VDE#642009"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Stack buffer overflow in method dali-devconfig",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-35084",
        "datePublished": "2026-06-03T10:42:03.287Z",
        "dateReserved": "2026-04-01T08:28:27.142Z",
        "dateUpdated": "2026-07-03T08:53:13.982Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-35083 (GCVE-0-2026-35083)

    Vulnerability from nvd – Published: 2026-06-03 10:41 – Updated: 2026-07-03 08:52
    VLAI
    Title
    Stack buffer overflow in method bac-deviceobject
    Summary
    A remote attacker with user privileges can exploit a stack buffer overflow to gain full system access as root.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    MBS Single-A Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-A Profibus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-A x-link Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Single-X Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X CAN Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X KNX Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X PROFINET Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X x-link Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+KNX Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    Credits
    Daniel Hulliger from Armasuisse Cyber-Defence campus. Damian Pfammatter from Armasuisse Cyber-Defence campus. Adrien Rey from Armasuisse Cyber Defense Campus Zurich
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-35083",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-03T13:13:32.326556Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-03T14:07:23.610Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Single-A",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-A Profibus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-A x-link",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Single-X",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X CAN",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X KNX",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X PROFINET",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X x-link",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+KNX",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:single_a_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_a_profibus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_a_x_link_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:single_x_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_can_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_knx_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_profinet_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_x_link_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_knx_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Daniel Hulliger from Armasuisse Cyber-Defence campus."
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Damian Pfammatter from Armasuisse Cyber-Defence campus."
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Adrien Rey from Armasuisse Cyber Defense Campus Zurich"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA remote attacker with user privileges can exploit a stack buffer overflow to gain full system access as root.\u003c/p\u003e"
                }
              ],
              "value": "A remote attacker with user privileges can exploit a stack buffer overflow to gain full system access as root."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T08:52:40.177Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.certvde.com/en/advisories/VDE-2026-039/"
            }
          ],
          "source": {
            "advisory": "VDE-2026-039",
            "defect": [
              "CERT@VDE#642009"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Stack buffer overflow in method bac-deviceobject",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-35083",
        "datePublished": "2026-06-03T10:41:44.226Z",
        "dateReserved": "2026-04-01T08:28:27.142Z",
        "dateUpdated": "2026-07-03T08:52:40.177Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-35082 (GCVE-0-2026-35082)

    Vulnerability from nvd – Published: 2026-06-03 10:41 – Updated: 2026-07-03 08:52
    VLAI
    Title
    Local file inclusion vulnerability and deletion in ugw-logread method
    Summary
    The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    Impacted products
    Vendor Product Version
    MBS Single-A Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-A Profibus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-A x-link Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Single-X Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X CAN Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X KNX Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X PROFINET Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X x-link Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+KNX Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    Credits
    Daniel Hulliger from Armasuisse Cyber-Defence campus. Damian Pfammatter from Armasuisse Cyber-Defence campus. Adrien Rey from Armasuisse Cyber Defense Campus Zurich
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-35082",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-03T14:17:16.483140Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-03T14:17:26.221Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Single-A",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-A Profibus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-A x-link",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Single-X",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X CAN",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X KNX",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X PROFINET",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X x-link",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+KNX",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:single_a_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_a_profibus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_a_x_link_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:single_x_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_can_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_knx_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_profinet_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_x_link_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_knx_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Daniel Hulliger from Armasuisse Cyber-Defence campus."
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Damian Pfammatter from Armasuisse Cyber-Defence campus."
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Adrien Rey from Armasuisse Cyber Defense Campus Zurich"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input. \u003c/p\u003e"
                }
              ],
              "value": "The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T08:52:21.717Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.certvde.com/en/advisories/VDE-2026-039/"
            }
          ],
          "source": {
            "advisory": "VDE-2026-039",
            "defect": [
              "CERT@VDE#642009"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Local file inclusion vulnerability and deletion in ugw-logread method",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-35082",
        "datePublished": "2026-06-03T10:41:00.660Z",
        "dateReserved": "2026-04-01T08:28:27.142Z",
        "dateUpdated": "2026-07-03T08:52:21.717Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-35081 (GCVE-0-2026-35081)

    Vulnerability from nvd – Published: 2026-06-03 10:40 – Updated: 2026-07-03 08:51
    VLAI
    Title
    Arbitrary process termination vulnerability in method ugw-logstop
    Summary
    The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    MBS Single-A Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-A Profibus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-A x-link Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Single-X Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X CAN Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X KNX Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X PROFINET Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X x-link Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+KNX Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    Credits
    Daniel Hulliger from Armasuisse Cyber-Defence campus. Damian Pfammatter from Armasuisse Cyber-Defence campus. Adrien Rey from Armasuisse Cyber Defense Campus Zurich
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-35081",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-03T12:43:08.950874Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-03T12:43:15.993Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Single-A",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-A Profibus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-A x-link",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Single-X",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X CAN",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X KNX",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X PROFINET",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X x-link",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+KNX",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:single_a_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_a_profibus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_a_x_link_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:single_x_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_can_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_knx_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_profinet_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_x_link_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_knx_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Daniel Hulliger from Armasuisse Cyber-Defence campus."
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Damian Pfammatter from Armasuisse Cyber-Defence campus."
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Adrien Rey from Armasuisse Cyber Defense Campus Zurich"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input.\u003c/p\u003e"
                }
              ],
              "value": "The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T08:51:59.819Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.certvde.com/en/advisories/VDE-2026-039/"
            }
          ],
          "source": {
            "advisory": "VDE-2026-039",
            "defect": [
              "CERT@VDE#642009"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Arbitrary process termination vulnerability in method ugw-logstop",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-35081",
        "datePublished": "2026-06-03T10:40:44.560Z",
        "dateReserved": "2026-04-01T08:28:27.141Z",
        "dateUpdated": "2026-07-03T08:51:59.819Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-35080 (GCVE-0-2026-35080)

    Vulnerability from nvd – Published: 2026-06-03 10:40 – Updated: 2026-07-03 08:51
    VLAI
    Title
    Arbitrary file delete vulnerability in method ugw-restoreinfo
    Summary
    The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - External Control of File Name or Path
    Assigner
    References
    Impacted products
    Vendor Product Version
    MBS Single-A Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-A Profibus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-A x-link Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Single-X Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X CAN Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X KNX Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X PROFINET Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X x-link Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+KNX Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    Credits
    Daniel Hulliger from Armasuisse Cyber-Defence campus. Damian Pfammatter from Armasuisse Cyber-Defence campus. Adrien Rey from Armasuisse Cyber Defense Campus Zurich
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-35080",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-03T12:32:48.333684Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-03T12:34:20.844Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Single-A",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-A Profibus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-A x-link",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Single-X",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X CAN",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X KNX",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X PROFINET",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X x-link",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+KNX",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:single_a_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_a_profibus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_a_x_link_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:single_x_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_can_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_knx_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_profinet_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_x_link_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_knx_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Daniel Hulliger from Armasuisse Cyber-Defence campus."
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Damian Pfammatter from Armasuisse Cyber-Defence campus."
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Adrien Rey from Armasuisse Cyber Defense Campus Zurich"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.\u003c/p\u003e"
                }
              ],
              "value": "The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73 External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T08:51:44.993Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.certvde.com/en/advisories/VDE-2026-039/"
            }
          ],
          "source": {
            "advisory": "VDE-2026-039",
            "defect": [
              "CERT@VDE#642009"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Arbitrary file delete vulnerability in method ugw-restoreinfo",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-35080",
        "datePublished": "2026-06-03T10:40:25.172Z",
        "dateReserved": "2026-04-01T08:28:27.141Z",
        "dateUpdated": "2026-07-03T08:51:44.993Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-35079 (GCVE-0-2026-35079)

    Vulnerability from nvd – Published: 2026-06-03 10:39 – Updated: 2026-07-03 08:51
    VLAI
    Title
    Arbitrary file delete vulnerability in method ugw-restore
    Summary
    The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - External Control of File Name or Path
    Assigner
    References
    Impacted products
    Vendor Product Version
    MBS Single-A Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-A Profibus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-A x-link Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Single-X Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X CAN Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X KNX Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X PROFINET Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X x-link Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+KNX Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    Credits
    Daniel Hulliger from Armasuisse Cyber-Defence campus. Damian Pfammatter from Armasuisse Cyber-Defence campus. Adrien Rey from Armasuisse Cyber Defense Campus Zurich
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-35079",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-03T12:38:56.295555Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-03T12:39:03.497Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Single-A",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-A Profibus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-A x-link",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Single-X",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X CAN",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X KNX",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X PROFINET",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X x-link",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+KNX",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:single_a_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_a_profibus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_a_x_link_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:single_x_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_can_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_knx_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_profinet_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_x_link_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_knx_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Daniel Hulliger from Armasuisse Cyber-Defence campus."
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Damian Pfammatter from Armasuisse Cyber-Defence campus."
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Adrien Rey from Armasuisse Cyber Defense Campus Zurich"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.\u003c/p\u003e"
                }
              ],
              "value": "The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73 External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T08:51:26.663Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.certvde.com/en/advisories/VDE-2026-039/"
            }
          ],
          "source": {
            "advisory": "VDE-2026-039",
            "defect": [
              "CERT@VDE#642009"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Arbitrary file delete vulnerability in method ugw-restore",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-35079",
        "datePublished": "2026-06-03T10:39:51.326Z",
        "dateReserved": "2026-04-01T08:28:27.141Z",
        "dateUpdated": "2026-07-03T08:51:26.663Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-35078 (GCVE-0-2026-35078)

    Vulnerability from nvd – Published: 2026-06-03 10:39 – Updated: 2026-07-03 08:51
    VLAI
    Title
    Arbitrary file delete vulnerability in method ugw-logstop
    Summary
    The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - External Control of File Name or Path
    Assigner
    References
    Impacted products
    Vendor Product Version
    MBS Single-A Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-A Profibus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-A x-link Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Single-X Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X CAN Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X KNX Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X PROFINET Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X x-link Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+KNX Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    Credits
    Daniel Hulliger from Armasuisse Cyber-Defence campus. Damian Pfammatter from Armasuisse Cyber-Defence campus. Adrien Rey from Armasuisse Cyber Defense Campus Zurich
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-35078",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-03T13:13:48.270847Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-03T14:07:29.402Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Single-A",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-A Profibus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-A x-link",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Single-X",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X CAN",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X KNX",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X PROFINET",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X x-link",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+KNX",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:single_a_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_a_profibus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_a_x_link_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:single_x_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_can_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_knx_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_profinet_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_x_link_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_knx_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Daniel Hulliger from Armasuisse Cyber-Defence campus."
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Damian Pfammatter from Armasuisse Cyber-Defence campus."
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Adrien Rey from Armasuisse Cyber Defense Campus Zurich"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe ugw-logstop method allows a remote attacker with user privileges  to delete arbitrary local files due to insufficient validation of user-controlled input.\u003c/p\u003e"
                }
              ],
              "value": "The ugw-logstop method allows a remote attacker with user privileges  to delete arbitrary local files due to insufficient validation of user-controlled input."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73 External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T08:51:10.458Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.certvde.com/en/advisories/VDE-2026-039/"
            }
          ],
          "source": {
            "advisory": "VDE-2026-039",
            "defect": [
              "CERT@VDE#642009"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Arbitrary file delete vulnerability in method ugw-logstop",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-35078",
        "datePublished": "2026-06-03T10:39:33.498Z",
        "dateReserved": "2026-04-01T08:28:27.141Z",
        "dateUpdated": "2026-07-03T08:51:10.458Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-35077 (GCVE-0-2026-35077)

    Vulnerability from nvd – Published: 2026-06-03 10:39 – Updated: 2026-07-03 08:50
    VLAI
    Title
    Arbitrary file delete vulnerability in method ugw-delete-file
    Summary
    The ugw-delete-file method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - External Control of File Name or Path
    Assigner
    References
    Impacted products
    Vendor Product Version
    MBS Single-A Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-A Profibus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-A x-link Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Single-X Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X CAN Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X KNX Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X PROFINET Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X x-link Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+KNX Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    Credits
    Daniel Hulliger from Armasuisse Cyber-Defence campus. Damian Pfammatter from Armasuisse Cyber-Defence campus. Adrien Rey from Armasuisse Cyber Defense Campus Zurich
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-35077",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-03T14:16:16.677133Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-03T14:16:50.642Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Single-A",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-A Profibus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-A x-link",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Single-X",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X CAN",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X KNX",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X PROFINET",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X x-link",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+KNX",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:single_a_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_a_profibus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_a_x_link_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:single_x_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_can_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_knx_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_profinet_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_x_link_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_knx_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Daniel Hulliger from Armasuisse Cyber-Defence campus."
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Damian Pfammatter from Armasuisse Cyber-Defence campus."
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Adrien Rey from Armasuisse Cyber Defense Campus Zurich"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe ugw-delete-file method allows a remote attacker with user privileges  to delete arbitrary local files due to insufficient validation of user-controlled input.\u003c/p\u003e"
                }
              ],
              "value": "The ugw-delete-file method allows a remote attacker with user privileges  to delete arbitrary local files due to insufficient validation of user-controlled input."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73 External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T08:50:46.714Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.certvde.com/en/advisories/VDE-2026-039/"
            }
          ],
          "source": {
            "advisory": "VDE-2026-039",
            "defect": [
              "CERT@VDE#642009"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Arbitrary file delete vulnerability in method ugw-delete-file",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-35077",
        "datePublished": "2026-06-03T10:39:12.567Z",
        "dateReserved": "2026-04-01T08:28:27.141Z",
        "dateUpdated": "2026-07-03T08:50:46.714Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-35076 (GCVE-0-2026-35076)

    Vulnerability from nvd – Published: 2026-06-03 10:38 – Updated: 2026-07-03 08:50
    VLAI
    Title
    Arbitrary file delete vulnerability in method bac-scanresult
    Summary
    The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - External Control of File Name or Path
    Assigner
    References
    Impacted products
    Vendor Product Version
    MBS Single-A Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-A Profibus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-A x-link Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Single-X Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X CAN Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X KNX Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X PROFINET Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X x-link Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+KNX Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    Credits
    Daniel Hulliger from Armasuisse Cyber-Defence campus. Damian Pfammatter from Armasuisse Cyber-Defence campus. Adrien Rey from Armasuisse Cyber Defense Campus Zurich
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-35076",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-03T12:43:26.903435Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-03T12:43:33.610Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Single-A",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-A Profibus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-A x-link",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Single-X",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X CAN",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X KNX",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X PROFINET",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X x-link",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+KNX",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:single_a_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_a_profibus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_a_x_link_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:single_x_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_can_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_knx_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_profinet_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_x_link_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_knx_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Daniel Hulliger from Armasuisse Cyber-Defence campus."
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Damian Pfammatter from Armasuisse Cyber-Defence campus."
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Adrien Rey from Armasuisse Cyber Defense Campus Zurich"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.\u003c/p\u003e"
                }
              ],
              "value": "The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73 External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T08:50:25.377Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.certvde.com/en/advisories/VDE-2026-039/"
            }
          ],
          "source": {
            "advisory": "VDE-2026-039",
            "defect": [
              "CERT@VDE#642009"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Arbitrary file delete vulnerability in method bac-scanresult",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-35076",
        "datePublished": "2026-06-03T10:38:49.975Z",
        "dateReserved": "2026-04-01T08:28:27.141Z",
        "dateUpdated": "2026-07-03T08:50:25.377Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-35075 (GCVE-0-2026-35075)

    Vulnerability from nvd – Published: 2026-06-03 10:38 – Updated: 2026-07-03 08:49
    VLAI
    Title
    Hardcoded default Password for Service Account
    Summary
    An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    MBS Single-A Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-A Profibus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-A x-link Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Single-X Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X CAN Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X KNX Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X PROFINET Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X x-link Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+KNX Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    Credits
    Daniel Hulliger from Armasuisse Cyber-Defence campus. Damian Pfammatter from Armasuisse Cyber-Defence campus. Adrien Rey from Armasuisse Cyber Defense Campus Zurich
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-35075",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-03T12:39:57.652546Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-03T12:41:59.999Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Single-A",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-A Profibus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-A x-link",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Single-X",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X CAN",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X KNX",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X PROFINET",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X x-link",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+KNX",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:single_a_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_a_profibus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_a_x_link_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:single_x_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_can_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_knx_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_profinet_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_x_link_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_knx_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Daniel Hulliger from Armasuisse Cyber-Defence campus."
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Damian Pfammatter from Armasuisse Cyber-Defence campus."
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Adrien Rey from Armasuisse Cyber Defense Campus Zurich"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices. \u003c/p\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1393",
                  "description": "CWE-1393 Use of Default Password",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T08:49:03.078Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.certvde.com/en/advisories/VDE-2026-039/"
            }
          ],
          "source": {
            "advisory": "VDE-2026-039",
            "defect": [
              "CERT@VDE#642009"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Hardcoded default Password for Service Account",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-35075",
        "datePublished": "2026-06-03T10:38:23.515Z",
        "dateReserved": "2026-04-01T08:28:27.141Z",
        "dateUpdated": "2026-07-03T08:49:03.078Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-41772 (GCVE-0-2025-41772)

    Vulnerability from nvd – Published: 2026-03-09 08:18 – Updated: 2026-03-09 18:18
    VLAI
    Title
    wwwupdate.cgi Session token in URL
    Summary
    An unauthenticated remote attacker can obtain valid session tokens because they are exposed in plaintext within the URL parameters of the wwwupdate.cgi endpoint in UBR.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-598 - Use of GET Request Method With Sensitive Query Strings
    Assigner
    References
    Impacted products
    Vendor Product Version
    MBS UBR-01 Mk II Affected: 0.0.0 , < 6.0.1.0 (semver)
    Create a notification for this product.
    MBS UBR-02 Affected: 0.0.0 , < 6.0.1.0 (semver)
    Create a notification for this product.
    MBS UBR-LON Affected: 0.0.0 , < 6.0.1.0 (semver)
    Create a notification for this product.
    Credits
    Adrien Rey from Cyber Defense Campus Zurich Daniel Hulliger from Armasuisse
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41772",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-09T18:17:43.406586Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-09T18:18:41.648Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "UBR-01 Mk II",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "6.0.1.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UBR-02",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "6.0.1.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UBR-LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "6.0.1.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Adrien Rey from Cyber Defense Campus Zurich"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Daniel Hulliger from Armasuisse"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker can obtain valid session tokens because they are exposed in plaintext within the URL parameters of the wwwupdate.cgi endpoint in UBR.\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker can obtain valid session tokens because they are exposed in plaintext within the URL parameters of the wwwupdate.cgi endpoint in UBR."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-598",
                  "description": "CWE-598 Use of GET Request Method With Sensitive Query Strings",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-09T08:18:49.918Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.mbs-solutions.de/mbs-2025-0001"
            }
          ],
          "source": {
            "defect": [
              "CERT@VDE#641895"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "wwwupdate.cgi Session token in URL",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41772",
        "datePublished": "2026-03-09T08:18:49.918Z",
        "dateReserved": "2025-04-16T11:18:45.761Z",
        "dateUpdated": "2026-03-09T18:18:41.648Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-41767 (GCVE-0-2025-41767)

    Vulnerability from nvd – Published: 2026-03-09 08:18 – Updated: 2026-03-09 18:19
    VLAI
    Title
    Signature bypass on update upload
    Summary
    A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in the wwwupdate.cgi method in the web interface of UBR.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    References
    Impacted products
    Vendor Product Version
    MBS UBR-01 Mk II Affected: 0.0.0 , < 6.0.1.0 (semver)
    Create a notification for this product.
    MBS UBR-02 Affected: 0.0.0 , < 6.0.1.0 (semver)
    Create a notification for this product.
    MBS UBR-LON Affected: 0.0.0 , < 6.0.1.0 (semver)
    Create a notification for this product.
    Credits
    Adrien Rey from Cyber Defense Campus Zurich Daniel Hulliger from Armasuisse
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41767",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-09T18:18:54.140033Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-09T18:19:09.365Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "UBR-01 Mk II",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "6.0.1.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UBR-02",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "6.0.1.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UBR-LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "6.0.1.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Adrien Rey from Cyber Defense Campus Zurich"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Daniel Hulliger from Armasuisse"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in the wwwupdate.cgi method in the web interface of UBR.\u003cbr\u003e"
                }
              ],
              "value": "A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in the wwwupdate.cgi method in the web interface of UBR."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347 Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-09T08:18:17.428Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.mbs-solutions.de/mbs-2025-0001"
            }
          ],
          "source": {
            "defect": [
              "CERT@VDE#641895"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Signature bypass on update upload",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41767",
        "datePublished": "2026-03-09T08:18:17.428Z",
        "dateReserved": "2025-04-16T11:18:45.761Z",
        "dateUpdated": "2026-03-09T18:19:09.365Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-41766 (GCVE-0-2025-41766)

    Vulnerability from nvd – Published: 2026-03-09 08:18 – Updated: 2026-03-09 20:14
    VLAI
    Title
    Stack buffer overflow on parsing web request
    Summary
    A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr-network method resulting in full device compromise.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    MBS UBR-01 Mk II Affected: 0.0.0 , < 6.0.1.0 (semver)
    Create a notification for this product.
    MBS UBR-02 Affected: 0.0.0 , < 6.0.1.0 (semver)
    Create a notification for this product.
    MBS UBR-LON Affected: 0.0.0 , < 6.0.1.0 (semver)
    Create a notification for this product.
    Credits
    Adrien Rey from Cyber Defense Campus Zurich Daniel Hulliger from Armasuisse
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41766",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-09T20:03:36.827793Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-09T20:14:03.688Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "UBR-01 Mk II",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "6.0.1.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UBR-02",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "6.0.1.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UBR-LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "6.0.1.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Adrien Rey from Cyber Defense Campus Zurich"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Daniel Hulliger from Armasuisse"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr-network method resulting in full device compromise.\u003cbr\u003e"
                }
              ],
              "value": "A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr-network method resulting in full device compromise."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-09T08:18:03.783Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.mbs-solutions.de/mbs-2025-0001"
            }
          ],
          "source": {
            "defect": [
              "CERT@VDE#641895"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Stack buffer overflow on parsing web request",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41766",
        "datePublished": "2026-03-09T08:18:03.783Z",
        "dateReserved": "2025-04-16T11:18:45.761Z",
        "dateUpdated": "2026-03-09T20:14:03.688Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-41765 (GCVE-0-2025-41765)

    Vulnerability from nvd – Published: 2026-03-09 08:17 – Updated: 2026-03-09 20:14
    VLAI
    Title
    Unchecked role in wwwupload.cgi
    Summary
    Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupload.cgi endpoint to upload and apply arbitrary data. This includes, but is not limited to, contact images, HTTPS certificates, system backups for restoration, server peer configurations, and BACnet/SC server certificates and keys.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    MBS UBR-01 Mk II Affected: 0.0.0 , < 6.0.1.0 (semver)
    Create a notification for this product.
    MBS UBR-02 Affected: 0.0.0 , < 6.0.1.0 (semver)
    Create a notification for this product.
    MBS UBR-LON Affected: 0.0.0 , < 6.0.1.0 (semver)
    Create a notification for this product.
    Credits
    Adrien Rey from Cyber Defense Campus Zurich Daniel Hulliger from Armasuisse
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41765",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-09T20:03:25.311007Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-09T20:14:03.869Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "UBR-01 Mk II",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "6.0.1.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UBR-02",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "6.0.1.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UBR-LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "6.0.1.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Adrien Rey from Cyber Defense Campus Zurich"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Daniel Hulliger from Armasuisse"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupload.cgi endpoint to upload and apply arbitrary data. This includes, but is not limited to, contact images, HTTPS certificates, system backups for restoration, server peer configurations, and BACnet/SC server certificates and keys.\u003cbr\u003e"
                }
              ],
              "value": "Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupload.cgi endpoint to upload and apply arbitrary data. This includes, but is not limited to, contact images, HTTPS certificates, system backups for restoration, server peer configurations, and BACnet/SC server certificates and keys."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-09T08:17:54.920Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.mbs-solutions.de/mbs-2025-0001"
            }
          ],
          "source": {
            "defect": [
              "CERT@VDE#641895"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Unchecked role in wwwupload.cgi",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41765",
        "datePublished": "2026-03-09T08:17:54.920Z",
        "dateReserved": "2025-04-16T11:18:45.760Z",
        "dateUpdated": "2026-03-09T20:14:03.869Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-41764 (GCVE-0-2025-41764)

    Vulnerability from nvd – Published: 2026-03-09 08:17 – Updated: 2026-03-09 20:14
    VLAI
    Title
    Unchecked role in wwwupdate.cgi
    Summary
    Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupdate.cgi endpoint to upload and apply arbitrary updates.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    MBS UBR-01 Mk II Affected: 0.0.0 , < 6.0.1.0 (semver)
    Create a notification for this product.
    MBS UBR-02 Affected: 0.0.0 , < 6.0.1.0 (semver)
    Create a notification for this product.
    MBS UBR-LON Affected: 0.0.0 , < 6.0.1.0 (semver)
    Create a notification for this product.
    Credits
    Adrien Rey from Cyber Defense Campus Zurich Daniel Hulliger from Armasuisse
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41764",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-09T20:03:13.228044Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-09T20:14:04.019Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "UBR-01 Mk II",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "6.0.1.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UBR-02",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "6.0.1.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UBR-LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "6.0.1.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Adrien Rey from Cyber Defense Campus Zurich"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Daniel Hulliger from Armasuisse"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupdate.cgi endpoint to upload and apply arbitrary updates.\u003cbr\u003e"
                }
              ],
              "value": "Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupdate.cgi endpoint to upload and apply arbitrary updates."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-09T08:17:45.486Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.mbs-solutions.de/mbs-2025-0001"
            }
          ],
          "source": {
            "defect": [
              "CERT@VDE#641895"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Unchecked role in wwwupdate.cgi",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41764",
        "datePublished": "2026-03-09T08:17:45.486Z",
        "dateReserved": "2025-04-16T11:18:45.760Z",
        "dateUpdated": "2026-03-09T20:14:04.019Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-41763 (GCVE-0-2025-41763)

    Vulnerability from nvd – Published: 2026-03-09 08:17 – Updated: 2026-03-09 20:14
    VLAI
    Title
    Unchecked role in wwwdnload.cgi
    Summary
    A low‑privileged remote attacker can directly interact with the wwwdnload.cgi endpoint to download any resource available to administrators, including system backups and certificate request files.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
    Assigner
    References
    Impacted products
    Vendor Product Version
    MBS UBR-01 Mk II Affected: 0.0.0 , < 6.0.1.0 (semver)
    Create a notification for this product.
    MBS UBR-02 Affected: 0.0.0 , < 6.0.1.0 (semver)
    Create a notification for this product.
    MBS UBR-LON Affected: 0.0.0 , < 6.0.1.0 (semver)
    Create a notification for this product.
    Credits
    Adrien Rey from Cyber Defense Campus Zurich Daniel Hulliger from Armasuisse
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41763",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-09T20:03:00.492923Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-09T20:14:04.157Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "UBR-01 Mk II",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "6.0.1.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UBR-02",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "6.0.1.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UBR-LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "6.0.1.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Adrien Rey from Cyber Defense Campus Zurich"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Daniel Hulliger from Armasuisse"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A low\u2011privileged remote attacker can directly interact with the wwwdnload.cgi endpoint to download any resource available to administrators, including system backups and certificate request files.\u003cbr\u003e"
                }
              ],
              "value": "A low\u2011privileged remote attacker can directly interact with the wwwdnload.cgi endpoint to download any resource available to administrators, including system backups and certificate request files."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-497",
                  "description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-09T08:17:36.947Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.mbs-solutions.de/mbs-2025-0001"
            }
          ],
          "source": {
            "defect": [
              "CERT@VDE#641895"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Unchecked role in wwwdnload.cgi",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41763",
        "datePublished": "2026-03-09T08:17:36.947Z",
        "dateReserved": "2025-04-16T11:18:45.760Z",
        "dateUpdated": "2026-03-09T20:14:04.157Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-41762 (GCVE-0-2025-41762)

    Vulnerability from nvd – Published: 2026-03-09 08:17 – Updated: 2026-03-09 20:14
    VLAI
    Title
    Secret leak with wwwdnload.cgi
    Summary
    An unauthenticated attacker can abuse the weak hash of the backup generated by the wwwdnload.cgi endpoint to gain unauthorized access to sensitive data, including password hashes and certificates.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    MBS UBR-01 Mk II Affected: 0.0.0 , < 6.0.1.0 (semver)
    Create a notification for this product.
    MBS UBR-02 Affected: 0.0.0 , < 6.0.1.0 (semver)
    Create a notification for this product.
    MBS UBR-LON Affected: 0.0.0 , < 6.0.1.0 (semver)
    Create a notification for this product.
    Credits
    Adrien Rey from Cyber Defense Campus Zurich Daniel Hulliger from Armasuisse
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41762",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-09T20:02:52.027636Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-09T20:14:04.321Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "UBR-01 Mk II",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "6.0.1.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UBR-02",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "6.0.1.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UBR-LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "6.0.1.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Adrien Rey from Cyber Defense Campus Zurich"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Daniel Hulliger from Armasuisse"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated attacker can abuse the weak hash of the backup generated by the wwwdnload.cgi endpoint to gain unauthorized access to sensitive data, including password hashes and certificates.\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated attacker can abuse the weak hash of the backup generated by the wwwdnload.cgi endpoint to gain unauthorized access to sensitive data, including password hashes and certificates."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-328",
                  "description": "CWE-328 Use of Weak Hash",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-09T08:17:27.510Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.mbs-solutions.de/mbs-2025-0001"
            }
          ],
          "source": {
            "defect": [
              "CERT@VDE#641895"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Secret leak with wwwdnload.cgi",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41762",
        "datePublished": "2026-03-09T08:17:27.510Z",
        "dateReserved": "2025-04-16T11:18:45.760Z",
        "dateUpdated": "2026-03-09T20:14:04.321Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-41761 (GCVE-0-2025-41761)

    Vulnerability from nvd – Published: 2026-03-09 08:17 – Updated: 2026-03-09 20:14
    VLAI
    Title
    Privilege escalation possible
    Summary
    A low‑privileged local attacker who gains access to the UBR service account (e.g., via SSH) can escalate privileges to obtain full system access. This is due to the service account being permitted to execute certain binaries (e.g., tcpdump and ip) with sudo.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    MBS UBR-01 Mk II Affected: 0.0.0 , < 6.0.1.0 (semver)
    Create a notification for this product.
    MBS UBR-02 Affected: 0.0.0 , < 6.0.1.0 (semver)
    Create a notification for this product.
    MBS UBR-LON Affected: 0.0.0 , < 6.0.1.0 (semver)
    Create a notification for this product.
    Credits
    Adrien Rey from Cyber Defense Campus Zurich Daniel Hulliger from Armasuisse
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41761",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-09T20:02:37.352857Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-09T20:14:04.600Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "UBR-01 Mk II",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "6.0.1.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UBR-02",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "6.0.1.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UBR-LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "6.0.1.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Adrien Rey from Cyber Defense Campus Zurich"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Daniel Hulliger from Armasuisse"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A low\u2011privileged local attacker who gains access to the UBR service account (e.g., via SSH) can escalate privileges to obtain full system access. This is due to the service account being permitted to execute certain binaries (e.g., tcpdump and ip) with sudo.\u003cbr\u003e"
                }
              ],
              "value": "A low\u2011privileged local attacker who gains access to the UBR service account (e.g., via SSH) can escalate privileges to obtain full system access. This is due to the service account being permitted to execute certain binaries (e.g., tcpdump and ip) with sudo."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-88",
                  "description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-09T08:17:11.116Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.mbs-solutions.de/mbs-2025-0001"
            }
          ],
          "source": {
            "defect": [
              "CERT@VDE#641895"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Privilege escalation possible",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41761",
        "datePublished": "2026-03-09T08:17:11.116Z",
        "dateReserved": "2025-04-16T11:18:45.760Z",
        "dateUpdated": "2026-03-09T20:14:04.600Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-35085 (GCVE-0-2026-35085)

    Vulnerability from cvelistv5 – Published: 2026-06-03 10:42 – Updated: 2026-07-03 08:53
    VLAI
    Title
    Stack buffer overflow in method gdv-serverconfig
    Summary
    A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    MBS Single-A Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-A Profibus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-A x-link Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Single-X Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X CAN Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X KNX Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X PROFINET Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X x-link Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+KNX Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    Credits
    Daniel Hulliger from Armasuisse Cyber-Defence campus. Damian Pfammatter from Armasuisse Cyber-Defence campus. Adrien Rey from Armasuisse Cyber Defense Campus Zurich
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-35085",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-03T12:38:10.423532Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-03T12:38:18.598Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Single-A",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-A Profibus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-A x-link",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Single-X",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X CAN",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X KNX",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X PROFINET",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X x-link",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+KNX",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:single_a_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_a_profibus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_a_x_link_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:single_x_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_can_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_knx_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_profinet_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_x_link_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_knx_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Daniel Hulliger from Armasuisse Cyber-Defence campus."
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Damian Pfammatter from Armasuisse Cyber-Defence campus."
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Adrien Rey from Armasuisse Cyber Defense Campus Zurich"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root.\u003c/p\u003e"
                }
              ],
              "value": "A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T08:53:29.811Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.certvde.com/en/advisories/VDE-2026-039/"
            }
          ],
          "source": {
            "advisory": "VDE-2026-039",
            "defect": [
              "CERT@VDE#642009"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Stack buffer overflow in method gdv-serverconfig",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-35085",
        "datePublished": "2026-06-03T10:42:22.835Z",
        "dateReserved": "2026-04-01T08:28:27.142Z",
        "dateUpdated": "2026-07-03T08:53:29.811Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-35084 (GCVE-0-2026-35084)

    Vulnerability from cvelistv5 – Published: 2026-06-03 10:42 – Updated: 2026-07-03 08:53
    VLAI
    Title
    Stack buffer overflow in method dali-devconfig
    Summary
    A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    MBS Single-A Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-A Profibus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-A x-link Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Single-X Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X CAN Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X KNX Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X PROFINET Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X x-link Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+KNX Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    Credits
    Daniel Hulliger from Armasuisse Cyber-Defence campus. Damian Pfammatter from Armasuisse Cyber-Defence campus. Adrien Rey from Armasuisse Cyber Defense Campus Zurich
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-35084",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-03T19:14:32.995589Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-03T19:14:54.458Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Single-A",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-A Profibus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-A x-link",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Single-X",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X CAN",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X KNX",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X PROFINET",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X x-link",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+KNX",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:single_a_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_a_profibus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_a_x_link_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:single_x_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_can_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_knx_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_profinet_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_x_link_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_knx_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Daniel Hulliger from Armasuisse Cyber-Defence campus."
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Damian Pfammatter from Armasuisse Cyber-Defence campus."
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Adrien Rey from Armasuisse Cyber Defense Campus Zurich"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root.\u003c/p\u003e"
                }
              ],
              "value": "A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T08:53:13.982Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.certvde.com/en/advisories/VDE-2026-039/"
            }
          ],
          "source": {
            "advisory": "VDE-2026-039",
            "defect": [
              "CERT@VDE#642009"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Stack buffer overflow in method dali-devconfig",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-35084",
        "datePublished": "2026-06-03T10:42:03.287Z",
        "dateReserved": "2026-04-01T08:28:27.142Z",
        "dateUpdated": "2026-07-03T08:53:13.982Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-35083 (GCVE-0-2026-35083)

    Vulnerability from cvelistv5 – Published: 2026-06-03 10:41 – Updated: 2026-07-03 08:52
    VLAI
    Title
    Stack buffer overflow in method bac-deviceobject
    Summary
    A remote attacker with user privileges can exploit a stack buffer overflow to gain full system access as root.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    MBS Single-A Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-A Profibus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-A x-link Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Single-X Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X CAN Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X KNX Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X PROFINET Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X x-link Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+KNX Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    Credits
    Daniel Hulliger from Armasuisse Cyber-Defence campus. Damian Pfammatter from Armasuisse Cyber-Defence campus. Adrien Rey from Armasuisse Cyber Defense Campus Zurich
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-35083",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-03T13:13:32.326556Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-03T14:07:23.610Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Single-A",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-A Profibus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-A x-link",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Single-X",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X CAN",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X KNX",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X PROFINET",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X x-link",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+KNX",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:single_a_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_a_profibus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_a_x_link_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:single_x_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_can_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_knx_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_profinet_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_x_link_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_knx_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Daniel Hulliger from Armasuisse Cyber-Defence campus."
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Damian Pfammatter from Armasuisse Cyber-Defence campus."
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Adrien Rey from Armasuisse Cyber Defense Campus Zurich"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA remote attacker with user privileges can exploit a stack buffer overflow to gain full system access as root.\u003c/p\u003e"
                }
              ],
              "value": "A remote attacker with user privileges can exploit a stack buffer overflow to gain full system access as root."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T08:52:40.177Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.certvde.com/en/advisories/VDE-2026-039/"
            }
          ],
          "source": {
            "advisory": "VDE-2026-039",
            "defect": [
              "CERT@VDE#642009"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Stack buffer overflow in method bac-deviceobject",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-35083",
        "datePublished": "2026-06-03T10:41:44.226Z",
        "dateReserved": "2026-04-01T08:28:27.142Z",
        "dateUpdated": "2026-07-03T08:52:40.177Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-35082 (GCVE-0-2026-35082)

    Vulnerability from cvelistv5 – Published: 2026-06-03 10:41 – Updated: 2026-07-03 08:52
    VLAI
    Title
    Local file inclusion vulnerability and deletion in ugw-logread method
    Summary
    The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    Impacted products
    Vendor Product Version
    MBS Single-A Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-A Profibus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-A x-link Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Single-X Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X CAN Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X KNX Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X PROFINET Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X x-link Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+KNX Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    Credits
    Daniel Hulliger from Armasuisse Cyber-Defence campus. Damian Pfammatter from Armasuisse Cyber-Defence campus. Adrien Rey from Armasuisse Cyber Defense Campus Zurich
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-35082",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-03T14:17:16.483140Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-03T14:17:26.221Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Single-A",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-A Profibus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-A x-link",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Single-X",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X CAN",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X KNX",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X PROFINET",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X x-link",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+KNX",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:single_a_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_a_profibus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_a_x_link_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:single_x_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_can_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_knx_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_profinet_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_x_link_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_knx_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Daniel Hulliger from Armasuisse Cyber-Defence campus."
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Damian Pfammatter from Armasuisse Cyber-Defence campus."
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Adrien Rey from Armasuisse Cyber Defense Campus Zurich"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input. \u003c/p\u003e"
                }
              ],
              "value": "The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T08:52:21.717Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.certvde.com/en/advisories/VDE-2026-039/"
            }
          ],
          "source": {
            "advisory": "VDE-2026-039",
            "defect": [
              "CERT@VDE#642009"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Local file inclusion vulnerability and deletion in ugw-logread method",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-35082",
        "datePublished": "2026-06-03T10:41:00.660Z",
        "dateReserved": "2026-04-01T08:28:27.142Z",
        "dateUpdated": "2026-07-03T08:52:21.717Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-35081 (GCVE-0-2026-35081)

    Vulnerability from cvelistv5 – Published: 2026-06-03 10:40 – Updated: 2026-07-03 08:51
    VLAI
    Title
    Arbitrary process termination vulnerability in method ugw-logstop
    Summary
    The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    MBS Single-A Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-A Profibus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-A x-link Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Single-X Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X CAN Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X KNX Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X PROFINET Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X x-link Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+KNX Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    Credits
    Daniel Hulliger from Armasuisse Cyber-Defence campus. Damian Pfammatter from Armasuisse Cyber-Defence campus. Adrien Rey from Armasuisse Cyber Defense Campus Zurich
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-35081",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-03T12:43:08.950874Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-03T12:43:15.993Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Single-A",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-A Profibus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-A x-link",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Single-X",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X CAN",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X KNX",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X PROFINET",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X x-link",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+KNX",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:single_a_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_a_profibus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_a_x_link_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:single_x_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_can_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_knx_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_profinet_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_x_link_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_knx_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Daniel Hulliger from Armasuisse Cyber-Defence campus."
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Damian Pfammatter from Armasuisse Cyber-Defence campus."
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Adrien Rey from Armasuisse Cyber Defense Campus Zurich"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input.\u003c/p\u003e"
                }
              ],
              "value": "The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T08:51:59.819Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.certvde.com/en/advisories/VDE-2026-039/"
            }
          ],
          "source": {
            "advisory": "VDE-2026-039",
            "defect": [
              "CERT@VDE#642009"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Arbitrary process termination vulnerability in method ugw-logstop",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-35081",
        "datePublished": "2026-06-03T10:40:44.560Z",
        "dateReserved": "2026-04-01T08:28:27.141Z",
        "dateUpdated": "2026-07-03T08:51:59.819Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-35080 (GCVE-0-2026-35080)

    Vulnerability from cvelistv5 – Published: 2026-06-03 10:40 – Updated: 2026-07-03 08:51
    VLAI
    Title
    Arbitrary file delete vulnerability in method ugw-restoreinfo
    Summary
    The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - External Control of File Name or Path
    Assigner
    References
    Impacted products
    Vendor Product Version
    MBS Single-A Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-A Profibus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-A x-link Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Single-X Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X CAN Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X KNX Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X PROFINET Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X x-link Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+KNX Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    Credits
    Daniel Hulliger from Armasuisse Cyber-Defence campus. Damian Pfammatter from Armasuisse Cyber-Defence campus. Adrien Rey from Armasuisse Cyber Defense Campus Zurich
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-35080",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-03T12:32:48.333684Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-03T12:34:20.844Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Single-A",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-A Profibus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-A x-link",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Single-X",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X CAN",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X KNX",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X PROFINET",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X x-link",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+KNX",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:single_a_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_a_profibus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_a_x_link_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:single_x_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_can_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_knx_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_profinet_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_x_link_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_knx_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Daniel Hulliger from Armasuisse Cyber-Defence campus."
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Damian Pfammatter from Armasuisse Cyber-Defence campus."
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Adrien Rey from Armasuisse Cyber Defense Campus Zurich"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.\u003c/p\u003e"
                }
              ],
              "value": "The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73 External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T08:51:44.993Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.certvde.com/en/advisories/VDE-2026-039/"
            }
          ],
          "source": {
            "advisory": "VDE-2026-039",
            "defect": [
              "CERT@VDE#642009"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Arbitrary file delete vulnerability in method ugw-restoreinfo",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-35080",
        "datePublished": "2026-06-03T10:40:25.172Z",
        "dateReserved": "2026-04-01T08:28:27.141Z",
        "dateUpdated": "2026-07-03T08:51:44.993Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-35079 (GCVE-0-2026-35079)

    Vulnerability from cvelistv5 – Published: 2026-06-03 10:39 – Updated: 2026-07-03 08:51
    VLAI
    Title
    Arbitrary file delete vulnerability in method ugw-restore
    Summary
    The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - External Control of File Name or Path
    Assigner
    References
    Impacted products
    Vendor Product Version
    MBS Single-A Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-A Profibus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-A x-link Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Single-X Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X CAN Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X KNX Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X PROFINET Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X x-link Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+KNX Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    Credits
    Daniel Hulliger from Armasuisse Cyber-Defence campus. Damian Pfammatter from Armasuisse Cyber-Defence campus. Adrien Rey from Armasuisse Cyber Defense Campus Zurich
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-35079",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-03T12:38:56.295555Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-03T12:39:03.497Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Single-A",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-A Profibus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-A x-link",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Single-X",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X CAN",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X KNX",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X PROFINET",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X x-link",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+KNX",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:single_a_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_a_profibus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_a_x_link_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:single_x_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_can_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_knx_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_profinet_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_x_link_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_knx_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Daniel Hulliger from Armasuisse Cyber-Defence campus."
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Damian Pfammatter from Armasuisse Cyber-Defence campus."
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Adrien Rey from Armasuisse Cyber Defense Campus Zurich"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.\u003c/p\u003e"
                }
              ],
              "value": "The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73 External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T08:51:26.663Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.certvde.com/en/advisories/VDE-2026-039/"
            }
          ],
          "source": {
            "advisory": "VDE-2026-039",
            "defect": [
              "CERT@VDE#642009"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Arbitrary file delete vulnerability in method ugw-restore",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-35079",
        "datePublished": "2026-06-03T10:39:51.326Z",
        "dateReserved": "2026-04-01T08:28:27.141Z",
        "dateUpdated": "2026-07-03T08:51:26.663Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-35078 (GCVE-0-2026-35078)

    Vulnerability from cvelistv5 – Published: 2026-06-03 10:39 – Updated: 2026-07-03 08:51
    VLAI
    Title
    Arbitrary file delete vulnerability in method ugw-logstop
    Summary
    The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - External Control of File Name or Path
    Assigner
    References
    Impacted products
    Vendor Product Version
    MBS Single-A Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-A Profibus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-A x-link Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Single-X Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X CAN Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X KNX Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X PROFINET Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X x-link Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+KNX Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    Credits
    Daniel Hulliger from Armasuisse Cyber-Defence campus. Damian Pfammatter from Armasuisse Cyber-Defence campus. Adrien Rey from Armasuisse Cyber Defense Campus Zurich
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-35078",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-03T13:13:48.270847Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-03T14:07:29.402Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Single-A",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-A Profibus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-A x-link",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Single-X",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X CAN",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X KNX",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X PROFINET",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X x-link",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+KNX",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:single_a_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_a_profibus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_a_x_link_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:single_x_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_can_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_knx_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_profinet_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_x_link_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_knx_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Daniel Hulliger from Armasuisse Cyber-Defence campus."
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Damian Pfammatter from Armasuisse Cyber-Defence campus."
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Adrien Rey from Armasuisse Cyber Defense Campus Zurich"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe ugw-logstop method allows a remote attacker with user privileges  to delete arbitrary local files due to insufficient validation of user-controlled input.\u003c/p\u003e"
                }
              ],
              "value": "The ugw-logstop method allows a remote attacker with user privileges  to delete arbitrary local files due to insufficient validation of user-controlled input."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73 External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T08:51:10.458Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.certvde.com/en/advisories/VDE-2026-039/"
            }
          ],
          "source": {
            "advisory": "VDE-2026-039",
            "defect": [
              "CERT@VDE#642009"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Arbitrary file delete vulnerability in method ugw-logstop",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-35078",
        "datePublished": "2026-06-03T10:39:33.498Z",
        "dateReserved": "2026-04-01T08:28:27.141Z",
        "dateUpdated": "2026-07-03T08:51:10.458Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-35077 (GCVE-0-2026-35077)

    Vulnerability from cvelistv5 – Published: 2026-06-03 10:39 – Updated: 2026-07-03 08:50
    VLAI
    Title
    Arbitrary file delete vulnerability in method ugw-delete-file
    Summary
    The ugw-delete-file method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - External Control of File Name or Path
    Assigner
    References
    Impacted products
    Vendor Product Version
    MBS Single-A Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-A Profibus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-A x-link Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Single-X Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X CAN Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X KNX Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X PROFINET Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X x-link Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+KNX Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    Credits
    Daniel Hulliger from Armasuisse Cyber-Defence campus. Damian Pfammatter from Armasuisse Cyber-Defence campus. Adrien Rey from Armasuisse Cyber Defense Campus Zurich
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-35077",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-03T14:16:16.677133Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-03T14:16:50.642Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Single-A",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-A Profibus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-A x-link",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Single-X",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X CAN",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X KNX",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X PROFINET",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X x-link",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+KNX",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:single_a_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_a_profibus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_a_x_link_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:single_x_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_can_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_knx_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_profinet_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_x_link_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_knx_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Daniel Hulliger from Armasuisse Cyber-Defence campus."
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Damian Pfammatter from Armasuisse Cyber-Defence campus."
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Adrien Rey from Armasuisse Cyber Defense Campus Zurich"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe ugw-delete-file method allows a remote attacker with user privileges  to delete arbitrary local files due to insufficient validation of user-controlled input.\u003c/p\u003e"
                }
              ],
              "value": "The ugw-delete-file method allows a remote attacker with user privileges  to delete arbitrary local files due to insufficient validation of user-controlled input."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73 External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T08:50:46.714Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.certvde.com/en/advisories/VDE-2026-039/"
            }
          ],
          "source": {
            "advisory": "VDE-2026-039",
            "defect": [
              "CERT@VDE#642009"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Arbitrary file delete vulnerability in method ugw-delete-file",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-35077",
        "datePublished": "2026-06-03T10:39:12.567Z",
        "dateReserved": "2026-04-01T08:28:27.141Z",
        "dateUpdated": "2026-07-03T08:50:46.714Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-35076 (GCVE-0-2026-35076)

    Vulnerability from cvelistv5 – Published: 2026-06-03 10:38 – Updated: 2026-07-03 08:50
    VLAI
    Title
    Arbitrary file delete vulnerability in method bac-scanresult
    Summary
    The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - External Control of File Name or Path
    Assigner
    References
    Impacted products
    Vendor Product Version
    MBS Single-A Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-A Profibus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-A x-link Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Single-X Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X CAN Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X KNX Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X PROFINET Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X x-link Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+KNX Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    Credits
    Daniel Hulliger from Armasuisse Cyber-Defence campus. Damian Pfammatter from Armasuisse Cyber-Defence campus. Adrien Rey from Armasuisse Cyber Defense Campus Zurich
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-35076",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-03T12:43:26.903435Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-03T12:43:33.610Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Single-A",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-A Profibus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-A x-link",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Single-X",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X CAN",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X KNX",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X PROFINET",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X x-link",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+KNX",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:single_a_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_a_profibus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_a_x_link_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:single_x_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_can_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_knx_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_profinet_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_x_link_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_knx_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Daniel Hulliger from Armasuisse Cyber-Defence campus."
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Damian Pfammatter from Armasuisse Cyber-Defence campus."
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Adrien Rey from Armasuisse Cyber Defense Campus Zurich"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.\u003c/p\u003e"
                }
              ],
              "value": "The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73 External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T08:50:25.377Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.certvde.com/en/advisories/VDE-2026-039/"
            }
          ],
          "source": {
            "advisory": "VDE-2026-039",
            "defect": [
              "CERT@VDE#642009"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Arbitrary file delete vulnerability in method bac-scanresult",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-35076",
        "datePublished": "2026-06-03T10:38:49.975Z",
        "dateReserved": "2026-04-01T08:28:27.141Z",
        "dateUpdated": "2026-07-03T08:50:25.377Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-35075 (GCVE-0-2026-35075)

    Vulnerability from cvelistv5 – Published: 2026-06-03 10:38 – Updated: 2026-07-03 08:49
    VLAI
    Title
    Hardcoded default Password for Service Account
    Summary
    An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    MBS Single-A Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-A Profibus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-A x-link Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Single-X Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X CAN Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X KNX Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X PROFINET Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Double-X x-link Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X KNX+M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+DALI Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+KNX Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+LON Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    MBS Triple-X PROFINET+M-Bus Affected: V1_00_00 , < V6_00_07 (semver)
    Create a notification for this product.
    Credits
    Daniel Hulliger from Armasuisse Cyber-Defence campus. Damian Pfammatter from Armasuisse Cyber-Defence campus. Adrien Rey from Armasuisse Cyber Defense Campus Zurich
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-35075",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-03T12:39:57.652546Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-03T12:41:59.999Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Single-A",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-A Profibus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-A x-link",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Single-X",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X CAN",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X KNX",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X PROFINET",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Double-X x-link",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X KNX+M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+DALI",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+KNX",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+LON",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Triple-X PROFINET+M-Bus",
              "vendor": "MBS",
              "versions": [
                {
                  "lessThan": "V6_00_07",
                  "status": "affected",
                  "version": "V1_00_00",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:single_a_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_a_profibus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_a_x_link_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:single_x_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_can_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_knx_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_profinet_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:double_x_x_link_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_knx_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_dali_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_knx_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_lon_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:mbs:triple_x_profinet_m_bus_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "V6_00_07",
                      "versionStartIncluding": "V1_00_00",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Daniel Hulliger from Armasuisse Cyber-Defence campus."
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Damian Pfammatter from Armasuisse Cyber-Defence campus."
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Adrien Rey from Armasuisse Cyber Defense Campus Zurich"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices. \u003c/p\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1393",
                  "description": "CWE-1393 Use of Default Password",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T08:49:03.078Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.certvde.com/en/advisories/VDE-2026-039/"
            }
          ],
          "source": {
            "advisory": "VDE-2026-039",
            "defect": [
              "CERT@VDE#642009"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Hardcoded default Password for Service Account",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-35075",
        "datePublished": "2026-06-03T10:38:23.515Z",
        "dateReserved": "2026-04-01T08:28:27.141Z",
        "dateUpdated": "2026-07-03T08:49:03.078Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }