9.8 CVE-2026-35075
An unauthenticated remote attacker can recover a default, hard-coded password from a firmware image and thus gain full access to all affected devices.
https://nvd.nist.gov/vuln/detail/CVE-2026-35075
Categories
CWE-1393 : Use of Default Password
It is common practice for products to be designed to use default passwords for authentication. The rationale is to simplify the manufacturing process or the system administrator's task of installation and deployment into an enterprise. However, if admins do not change the defaults, then it makes it easier for attackers to quickly bypass authentication across multiple organizations. There are many lists of default passwords and default-password scanning tools that are easily available from the World Wide Web.
References
AFFECTED (from MITRE)
| Vendor | Product | Versions |
|---|---|---|
| MBS | Single-A | V1_0_0_0 < V6_0_0_7 [affected] |
| MBS | Double-A Profibus | V1_0_0_0 < V6_0_0_7 [affected] |
| MBS | Double-A x-link | V1_0_0_0 < V6_0_0_7 [affected] |
| MBS | Single-X | V1_0_0_0 < V6_0_0_7 [affected] |
| MBS | Double-X CAN | V1_0_0_0 < V6_0_0_7 [affected] |
| MBS | Double-X DALI | V1_0_0_0 < V6_0_0_7 [affected] |
| MBS | Double-X KNX | V1_0_0_0 < V6_0_0_7 [affected] |
| MBS | Double-X LON | V1_0_0_0 < V6_0_0_7 [affected] |
| MBS | Double-X M-Bus | V1_0_0_0 < V6_0_0_7 [affected] |
| MBS | Double-X PROFINET | V1_0_0_0 < V6_0_0_7 [affected] |
| MBS | Double-X x-link | V1_0_0_0 < V6_0_0_7 [affected] |
| MBS | Triple-X KNX+DALI | V1_0_0_0 < V6_0_0_7 [affected] |
| MBS | Triple-X KNX+LON | V1_0_0_0 < V6_0_0_7 [affected] |
| MBS | Triple-X KNX+M-Bus | V1_0_0_0 < V6_0_0_7 [affected] |
| MBS | Triple-X PROFINET+DALI | V1_0_0_0 < V6_0_0_7 [affected] |
| MBS | Triple-X PROFINET+KNX | V1_0_0_0 < V6_0_0_7 [affected] |
| MBS | Triple-X PROFINET+LON | V1_0_0_0 < V6_0_0_7 [affected] |
| MBS | Triple-X PROFINET+M-Bus | V1_0_0_0 < V6_0_0_7 [affected] |

© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.
CPE
| configuration | cpe | start | end |
|---|---|---|---|
| Configuration 1 | cpe:2.3:o:mbs:single_a_firmware:*:*:*:*:*:*:*:* | >= V1_0_0_0 | < V6_0_0_7 |
| Configuration 2 | cpe:2.3:o:mbs:double_a_profibus_firmware:*:*:*:*:*:*:*:* | >= V1_0_0_0 | < V6_0_0_7 |
| Configuration 3 | cpe:2.3:o:mbs:double_a_x_link_firmware:*:*:*:*:*:*:*:* | >= V1_0_0_0 | < V6_0_0_7 |
| Configuration 4 | cpe:2.3:o:mbs:single_x_firmware:*:*:*:*:*:*:*:* | >= V1_0_0_0 | < V6_0_0_7 |
| Configuration 5 | cpe:2.3:o:mbs:double_x_can_firmware:*:*:*:*:*:*:*:* | >= V1_0_0_0 | < V6_0_0_7 |
| Configuration 6 | cpe:2.3:o:mbs:double_x_dali_firmware:*:*:*:*:*:*:*:* | >= V1_0_0_0 | < V6_0_0_7 |
| Configuration 7 | cpe:2.3:o:mbs:double_x_knx_firmware:*:*:*:*:*:*:*:* | >= V1_0_0_0 | < V6_0_0_7 |
| Configuration 8 | cpe:2.3:o:mbs:double_x_lon_firmware:*:*:*:*:*:*:*:* | >= V1_0_0_0 | < V6_0_0_7 |
| Configuration 9 | cpe:2.3:o:mbs:double_x_m_bus_firmware:*:*:*:*:*:*:*:* | >= V1_0_0_0 | < V6_0_0_7 |
| Configuration 10 | cpe:2.3:o:mbs:double_x_profinet_firmware:*:*:*:*:*:*:*:* | >= V1_0_0_0 | < V6_0_0_7 |
| Configuration 11 | cpe:2.3:o:mbs:double_x_x_link_firmware:*:*:*:*:*:*:*:* | >= V1_0_0_0 | < V6_0_0_7 |
| Configuration 12 | cpe:2.3:o:mbs:triple_x_knx_dali_firmware:*:*:*:*:*:*:*:* | >= V1_0_0_0 | < V6_0_0_7 |
| Configuration 13 | cpe:2.3:o:mbs:triple_x_knx_lon_firmware:*:*:*:*:*:*:*:* | >= V1_0_0_0 | < V6_0_0_7 |
| Configuration 14 | cpe:2.3:o:mbs:triple_x_knx_m_bus_firmware:*:*:*:*:*:*:*:* | >= V1_0_0_0 | < V6_0_0_7 |
| Configuration 15 | cpe:2.3:o:mbs:triple_x_profinet_dali_firmware:*:*:*:*:*:*:*:* | >= V1_0_0_0 | < V6_0_0_7 |
| Configuration 16 | cpe:2.3:o:mbs:triple_x_profinet_knx_firmware:*:*:*:*:*:*:*:* | >= V1_0_0_0 | < V6_0_0_7 |
| Configuration 17 | cpe:2.3:o:mbs:triple_x_profinet_lon_firmware:*:*:*:*:*:*:*:* | >= V1_0_0_0 | < V6_0_0_7 |
| Configuration 18 | cpe:2.3:o:mbs:triple_x_profinet_m_bus_firmware:*:*:*:*:*:*:*:* | >= V1_0_0_0 | < V6_0_0_7 |
REMEDIATION
EXPLOITS
Exploit-db.com
| id | description | date |
|---|---|---|
| No known exploits | | |
POC Github
Other Nist (github, ...)
CAPEC
Common Attack Pattern Enumerations and Classifications
| id | description | severity |
|---|---|---|
| No entry | | |