9.8 CVE-2026-35075

Enriched by CISA
 

An unauthenticated remote attacker can recover a default, hard-coded password from a firmware image and thus gain full access to all affected devices.
https://nvd.nist.gov/vuln/detail/CVE-2026-35075

Categories

CWE-1393 : Use of Default Password
It is common practice for products to be designed to use default passwords for authentication. The rationale is to simplify the manufacturing process or the system administrator's task of installation and deployment into an enterprise. However, if admins do not change the defaults, then it makes it easier for attackers to quickly bypass authentication across multiple organizations. There are many lists of default passwords and default-password scanning tools that are easily available from the World Wide Web.

References


 

AFFECTED (from MITRE)


Vendor Product Versions
MBS Single-A
  • V1_0_0_0 < V6_0_0_7 [affected]
MBS Double-A Profibus
  • V1_0_0_0 < V6_0_0_7 [affected]
MBS Double-A x-link
  • V1_0_0_0 < V6_0_0_7 [affected]
MBS Single-X
  • V1_0_0_0 < V6_0_0_7 [affected]
MBS Double-X CAN
  • V1_0_0_0 < V6_0_0_7 [affected]
MBS Double-X DALI
  • V1_0_0_0 < V6_0_0_7 [affected]
MBS Double-X KNX
  • V1_0_0_0 < V6_0_0_7 [affected]
MBS Double-X LON
  • V1_0_0_0 < V6_0_0_7 [affected]
MBS Double-X M-Bus
  • V1_0_0_0 < V6_0_0_7 [affected]
MBS Double-X PROFINET
  • V1_0_0_0 < V6_0_0_7 [affected]
MBS Double-X x-link
  • V1_0_0_0 < V6_0_0_7 [affected]
MBS Triple-X KNX+DALI
  • V1_0_0_0 < V6_0_0_7 [affected]
MBS Triple-X KNX+LON
  • V1_0_0_0 < V6_0_0_7 [affected]
MBS Triple-X KNX+M-Bus
  • V1_0_0_0 < V6_0_0_7 [affected]
MBS Triple-X PROFINET+DALI
  • V1_0_0_0 < V6_0_0_7 [affected]
MBS Triple-X PROFINET+KNX
  • V1_0_0_0 < V6_0_0_7 [affected]
MBS Triple-X PROFINET+LON
  • V1_0_0_0 < V6_0_0_7 [affected]
MBS Triple-X PROFINET+M-Bus
  • V1_0_0_0 < V6_0_0_7 [affected]
© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

CPE

cpe start end
Configuration 1
AND
   cpe:2.3:o:mbs-solutions:universal_gateway_firmware:*:*:*:*:*:*:*:* < 6_00_07
  Running on/with
  cpe:2.3:h:mbs-solutions:double-a_profibus:-:*:*:*:*:*:*:*
  cpe:2.3:h:mbs-solutions:double-a_x-link:-:*:*:*:*:*:*:*
  cpe:2.3:h:mbs-solutions:double-x_can:-:*:*:*:*:*:*:*
  cpe:2.3:h:mbs-solutions:double-x_dali:-:*:*:*:*:*:*:*
  cpe:2.3:h:mbs-solutions:double-x_knx:-:*:*:*:*:*:*:*
  cpe:2.3:h:mbs-solutions:double-x_lon:-:*:*:*:*:*:*:*
  cpe:2.3:h:mbs-solutions:double-x_m-bus:-:*:*:*:*:*:*:*
  cpe:2.3:h:mbs-solutions:double-x_profinet:-:*:*:*:*:*:*:*
  cpe:2.3:h:mbs-solutions:double-x_x-link:-:*:*:*:*:*:*:*
  cpe:2.3:h:mbs-solutions:single-a:-:*:*:*:*:*:*:*
  cpe:2.3:h:mbs-solutions:single-x:-:*:*:*:*:*:*:*
  cpe:2.3:h:mbs-solutions:triple-x_knx+dali:-:*:*:*:*:*:*:*
  cpe:2.3:h:mbs-solutions:triple-x_knx+lon:-:*:*:*:*:*:*:*
  cpe:2.3:h:mbs-solutions:triple-x_knx+m-bus:-:*:*:*:*:*:*:*
  cpe:2.3:h:mbs-solutions:triple-x_profinet+dali:-:*:*:*:*:*:*:*
  cpe:2.3:h:mbs-solutions:triple-x_profinet+knx:-:*:*:*:*:*:*:*
  cpe:2.3:h:mbs-solutions:triple-x_profinet+lon:-:*:*:*:*:*:*:*
  cpe:2.3:h:mbs-solutions:triple-x_profinet+m-bus:-:*:*:*:*:*:*:*


REMEDIATION




EXPLOITS


Exploit-db.com

id description date
No known exploits

POC Github

Url
No known exploits

Other Nist (github, ...)

Url
No known exploits


CAPEC


Common Attack Pattern Enumerations and Classifications

id description severity
No entry