Double X Lon
Privilege escalation to root in MBS Single-A, Double-A, Single-X, and Double-X industrial gateway product lines allows authenticated remote attackers to corrupt stack memory in the gdv-serverconfig service and seize full system control. The flaw, reported by CERT@VDE and tracked as CVE-2026-35085 with a CVSS 4.0 score of 8.7 (High), affects multiple fieldbus variants (Profibus, Profinet, KNX, LON, DALI, M-Bus, CAN, X-Link). No public exploit was identified at the time of analysis, and EPSS data was not supplied for this advisory.
Privilege escalation to root via stack buffer overflow in dali-devconfig affects MBS gateway products including Single-A, Single-X, and the Double-A/Double-X family (Profibus, X-Link, CAN, DALI, KNX, LON, M-Bus, Profinet). A remote attacker holding low-level user credentials can exploit the flaw to gain full system access, with CVSS 4.0 scoring it 8.7 (High). No public exploit is identified at time of analysis and the issue is not listed in CISA KEV.
Privilege escalation to root in MBS industrial protocol gateways (Single-A, Double-A, Single-X, Double-X product lines covering Profibus, Profinet, KNX, DALI, LON, M-Bus, CAN, and X-Link variants) is achievable by an authenticated remote user via a stack buffer overflow. The CVSS 4.0 base score of 8.7 reflects network-reachable exploitation with low complexity and only user-level privileges required, leading to full confidentiality, integrity, and availability compromise. No public exploit was identified at the time of analysis, and the issue was coordinated through CERT@VDE (advisory VDE-2026-039), indicating responsible disclosure rather than in-the-wild abuse.
Path traversal in MBS industrial gateway products (Single-A, Double-A, Single-X, Double-X series) allows authenticated remote attackers to read arbitrary files on the device via the ugw-logread method. The CVSS 4.0 score of 8.7 reflects network-reachable exploitation with only low-privilege user credentials needed, exposing potentially sensitive configuration, credential, and operational data on industrial protocol gateways. No public exploit was identified at the time of analysis, and the issue is not listed in CISA KEV.
Privilege escalation / denial of service in the MBS Universal Gateway (UGW) product family allows an authenticated low-privileged remote user to terminate arbitrary processes on the device via the ugw-logstop method, which fails to validate user-supplied input. No public exploit was identified at the time of analysis, but the bug affects a broad set of MBS industrial protocol gateways (Single-A, Double-A Profibus/X-Link, Single-X, Double-X CAN/DALI/KNX/LON/M-Bus/Profinet) used in building and industrial automation. The CVSS 4.0 base score is 7.2, reflecting High integrity and availability impact with only low privileges required.
Arbitrary file deletion in MBS GmbH universal gateway (UGW) products allows authenticated remote users to remove files on the device through the ugw-restoreinfo method, which fails to validate user-controlled path input (CWE-73). The flaw, reported by CERT@VDE and tracked under VDE-2026-039, affects the Single-A, Double-A (Profibus/X-Link), Single-X, and Double-X (CAN/DALI/KNX/LON/M-Bus/Profinet) fieldbus gateway product lines used in industrial and building automation. No public exploit was identified at the time of analysis, and the issue is not listed in CISA KEV.
Arbitrary file deletion in MBS Universal Gateway (UGW) products allows authenticated remote attackers with low-privilege user accounts to delete arbitrary files on the device by abusing the ugw-restore method, which fails to validate user-controlled path input. The vulnerability affects multiple MBS gateway variants (Single-A, Double-A Profibus/X-Link, Single-X, and Double-X CAN/DALI/KNX/LON/M-Bus/Profinet bridges) used in industrial fieldbus integration. No public exploit was identified at the time of analysis, and the issue is not listed in CISA KEV.
Arbitrary file deletion in the MBS Universal Gateway (UGW) product line allows authenticated remote attackers to delete local files on the device via the ugw-logstop method, which fails to validate user-supplied path input. The flaw affects MBS Single-A, Double-A (Profibus, X-Link), Single-X, and Double-X (CAN, DALI, KNX, LON, M-Bus, Profinet) industrial protocol gateways. No public exploit was identified at the time of analysis, but the low-complexity, low-privilege attack profile makes this a credible threat to the availability of industrial control system gateways.
Arbitrary file deletion in the MBS Universal Gateway (UGW) product family allows authenticated remote attackers to remove any file on the device filesystem by abusing the ugw-delete-file method, which fails to validate user-controlled path input (CWE-73). With a CVSS 4.0 score of 7.2 and PR:L, exploitation requires only a low-privileged account, and successful abuse impacts integrity and availability of the gateway (VI:H/VA:H). No public exploit was identified at the time of analysis, and the vulnerability is not listed in CISA KEV.
Arbitrary file deletion in MBS GmbH industrial gateway products (Single-A, Double-A, Single-X, Double-X variants across Profibus, Profinet, KNX, LON, M-Bus, DALI, CAN, and X-Link protocols) allows authenticated remote attackers to remove arbitrary files on the device via the bac-scanresult method, which fails to validate user-controlled path input. The issue was reported by CERT@VDE under advisory VDE-2026-039; no public exploit was identified at the time of analysis. The CVSS 4.0 score of 7.2 reflects high integrity and availability impact achievable with only low-privileged user credentials.
Credential disclosure in MBS industrial protocol gateways (Single-A, Double-A, Single-X, and Double-X product families) allows remote unauthenticated attackers to extract a hard-coded default password embedded in the firmware image and use it to obtain full administrative control of any affected device. With a CVSS 4.0 score of 9.3 and the vulnerability reported through CERT@VDE under advisory VDE-2026-039, the issue is severe because the recovered credential is shared across the device line, but at the time of analysis there is no public exploit identified and the vulnerability is not listed in CISA KEV.