Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (CERTVDE) · only source for this CVE.
CVSS VectorVendor: CERTVDE
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input.
AnalysisAI
Privilege escalation / denial of service in MBS Universal Gateway (UGW) product family allows an authenticated low-privileged remote user to terminate arbitrary processes on the device via the ugw-logstop method, which fails to validate user-supplied input. No public exploit identified at time of analysis, but the bug affects a broad set of MBS industrial protocol gateways (Single-A, Double-A Profibus/X-Link, Single-X, Double-X CAN/DALI/KNX/LON/M-Bus/Profinet) used in building and industrial automation. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The attacker must (1) have network reachability to the UGW management interface invoking the ugw-logstop method, and (2) hold valid credentials for a low-privilege ('user') account on the device - anonymous exploitation is not described. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N, VC:N/VI:H/VA:H) is internally consistent with the description: network reachable, low complexity, requires existing low-privilege user credentials, no user interaction, and produces high integrity and availability impact with no confidentiality loss. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has obtained any low-privilege user account on the UGW - for example, a contractor login on a building-automation gateway reachable from the corporate network - connects to the gateway's management interface and invokes the ugw-logstop method with a process identifier belonging to the protocol-translation daemon rather than the logger. The unvalidated input is accepted, the targeted process is killed, and the fieldbus side (Profibus, KNX, M-Bus, etc.) goes dark until the device is restarted or the daemon is brought back up, producing a sustained availability outage on the OT segment. … |
| Remediation | No vendor-released patch version was identified at time of analysis from the supplied data; consult MBS via the CERT@VDE advisory at https://www.certvde.com/en/advisories/VDE-2026-039/ for the fixed firmware build and apply it to all listed Single-A, Single-X, Double-A and Double-X gateways. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify and inventory all MBS UGW deployments and document user access controls for low-privilege accounts. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Credential disclosure in MBS industrial protocol gateways (Single-A, Double-A, Single-X, and Double-X product families)
Path traversal in MBS industrial gateway products (Single-A, Double-A, Single-X, Double-X series) allows authenticated r
Privilege escalation to root in MBS Single-A, Double-A, Single-X, and Double-X industrial gateway product lines allows a
Privilege escalation to root via stack buffer overflow in dali-devconfig affects MBS gateway products including Single-A
Privilege escalation to root in MBS industrial protocol gateways (Single-A, Double-A, Single-X, Double-X product lines c
Arbitrary file deletion in MBS GmbH universal gateway (UGW) products allows authenticated remote users to remove files o
Arbitrary file deletion in MBS Universal Gateway (UGW) products allows authenticated remote attackers with low-privilege
Arbitrary file deletion in MBS Universal Gateway (UGW) product line allows authenticated remote attackers to delete loca
Arbitrary file deletion in MBS Universal Gateway (UGW) product family allows authenticated remote attackers to remove an
Arbitrary file deletion in MBS GmbH industrial gateway products (single-a, double-a, single-x, double-x variants across
Same weakness CWE-20 – Improper Input Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-34077
GHSA-vwg2-pp87-3x79