Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (CERTVDE) · only source for this CVE.
CVSS VectorVendor: CERTVDE
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
AnalysisAI
Arbitrary file deletion in MBS Universal Gateway (UGW) product line allows authenticated remote attackers to delete local files on the device via the ugw-logstop method, which fails to validate user-supplied path input. The flaw affects MBS Single-A, Double-A (Profibus, X-link), Single-X, and Double-X (CAN, DALI, KNX, LON, M-Bus, Profinet) industrial protocol gateways. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Attacker must possess valid low-privilege user credentials on the MBS UGW device (CVSS PR:L) and have network reachability to the gateway's management service that exposes the ugw-logstop method. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | CVSS 4.0 vector (AV:N/AC:L/PR:L/UI:N, VI:H/VA:H) indicates a network-reachable, low-complexity attack requiring only basic authenticated user privileges with no user interaction and high impact on integrity and availability - but no confidentiality impact, consistent with file deletion rather than data exfiltration. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has obtained low-privilege user credentials on an MBS UGW gateway - for example via a phished engineering workstation, a default/weak password, or lateral movement within an OT network - connects to the device's management interface over the network and invokes the ugw-logstop method with a crafted path argument (e.g., a traversal sequence pointing to a critical configuration file, certificate, or runtime binary). The deletion of that file disrupts gateway operation, potentially halting fieldbus protocol translation between the corporate/SCADA layer and Profibus/Profinet/KNX/etc. … |
| Remediation | Patch status from available data is unclear: no fix version is enumerated in the provided intelligence, so consult the CERT@VDE advisory at https://www.certvde.com/en/advisories/VDE-2026-039/ for the vendor-released patched firmware version for each affected MBS gateway model and apply it as the primary remediation. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: inventory all MBS UGW devices in production, document firmware versions and model variants, and review administrative access logs for suspicious file deletion activity. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Credential disclosure in MBS industrial protocol gateways (Single-A, Double-A, Single-X, and Double-X product families)
Path traversal in MBS industrial gateway products (Single-A, Double-A, Single-X, Double-X series) allows authenticated r
Privilege escalation to root in MBS Single-A, Double-A, Single-X, and Double-X industrial gateway product lines allows a
Privilege escalation to root via stack buffer overflow in dali-devconfig affects MBS gateway products including Single-A
Privilege escalation to root in MBS industrial protocol gateways (Single-A, Double-A, Single-X, Double-X product lines c
Arbitrary file deletion in MBS GmbH universal gateway (UGW) products allows authenticated remote users to remove files o
Arbitrary file deletion in MBS Universal Gateway (UGW) products allows authenticated remote attackers with low-privilege
Arbitrary file deletion in MBS Universal Gateway (UGW) product family allows authenticated remote attackers to remove an
Arbitrary file deletion in MBS GmbH industrial gateway products (single-a, double-a, single-x, double-x variants across
Privilege escalation / denial of service in MBS Universal Gateway (UGW) product family allows an authenticated low-privi
Same weakness CWE-73 – External Control of File Name or Path
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-34074
GHSA-2jpx-w8gq-pj3x