Skip to main content

Severity by source

Vendor (CERTVDE) PRIMARY
7.2 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (CERTVDE) · only source for this CVE.

CVSS VectorVendor: CERTVDE

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

5
Analysis Updated
Jun 03, 2026 - 13:36 vuln.today
v3 (cvss_changed)
Analysis Updated
Jun 03, 2026 - 13:36 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jun 03, 2026 - 13:22 vuln.today
cvss_changed
CVSS changed
Jun 03, 2026 - 13:22 NVD
8.1 (HIGH) 7.2 (HIGH)
Analysis Generated
Jun 03, 2026 - 12:52 vuln.today

DescriptionCVE.org

The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.

AnalysisAI

Arbitrary file deletion in MBS Universal Gateway (UGW) product line allows authenticated remote attackers to delete local files on the device via the ugw-logstop method, which fails to validate user-supplied path input. The flaw affects MBS Single-A, Double-A (Profibus, X-link), Single-X, and Double-X (CAN, DALI, KNX, LON, M-Bus, Profinet) industrial protocol gateways. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privilege gateway credentials
Delivery
Reach UGW management interface over network
Exploit
Invoke ugw-logstop with path-traversal filename
Execution
Gateway deletes targeted file without validation
Persist
Critical config or binary removed
Impact
Gateway service fails, OT protocol bridging disrupted

Vulnerability AssessmentAI

Exploitation Attacker must possess valid low-privilege user credentials on the MBS UGW device (CVSS PR:L) and have network reachability to the gateway's management service that exposes the ugw-logstop method. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment CVSS 4.0 vector (AV:N/AC:L/PR:L/UI:N, VI:H/VA:H) indicates a network-reachable, low-complexity attack requiring only basic authenticated user privileges with no user interaction and high impact on integrity and availability - but no confidentiality impact, consistent with file deletion rather than data exfiltration. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained low-privilege user credentials on an MBS UGW gateway - for example via a phished engineering workstation, a default/weak password, or lateral movement within an OT network - connects to the device's management interface over the network and invokes the ugw-logstop method with a crafted path argument (e.g., a traversal sequence pointing to a critical configuration file, certificate, or runtime binary). The deletion of that file disrupts gateway operation, potentially halting fieldbus protocol translation between the corporate/SCADA layer and Profibus/Profinet/KNX/etc. …
Remediation Patch status from available data is unclear: no fix version is enumerated in the provided intelligence, so consult the CERT@VDE advisory at https://www.certvde.com/en/advisories/VDE-2026-039/ for the vendor-released patched firmware version for each affected MBS gateway model and apply it as the primary remediation. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: inventory all MBS UGW devices in production, document firmware versions and model variants, and review administrative access logs for suspicious file deletion activity. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-35075 CRITICAL
9.3 Jun 03

Credential disclosure in MBS industrial protocol gateways (Single-A, Double-A, Single-X, and Double-X product families)

CVE-2026-35082 HIGH
8.7 Jun 03

Path traversal in MBS industrial gateway products (Single-A, Double-A, Single-X, Double-X series) allows authenticated r

CVE-2026-35085 HIGH
8.7 Jun 03

Privilege escalation to root in MBS Single-A, Double-A, Single-X, and Double-X industrial gateway product lines allows a

CVE-2026-35084 HIGH
8.7 Jun 03

Privilege escalation to root via stack buffer overflow in dali-devconfig affects MBS gateway products including Single-A

CVE-2026-35083 HIGH
8.7 Jun 03

Privilege escalation to root in MBS industrial protocol gateways (Single-A, Double-A, Single-X, Double-X product lines c

CVE-2026-35080 HIGH
7.2 Jun 03

Arbitrary file deletion in MBS GmbH universal gateway (UGW) products allows authenticated remote users to remove files o

CVE-2026-35079 HIGH
7.2 Jun 03

Arbitrary file deletion in MBS Universal Gateway (UGW) products allows authenticated remote attackers with low-privilege

CVE-2026-35077 HIGH
7.2 Jun 03

Arbitrary file deletion in MBS Universal Gateway (UGW) product family allows authenticated remote attackers to remove an

CVE-2026-35076 HIGH
7.2 Jun 03

Arbitrary file deletion in MBS GmbH industrial gateway products (single-a, double-a, single-x, double-x variants across

CVE-2026-35081 HIGH
7.2 Jun 03

Privilege escalation / denial of service in MBS Universal Gateway (UGW) product family allows an authenticated low-privi

Share

EUVD-2026-34074 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy