9.8 CVE-2026-35075

Enriched by CISA
 

An unauthenticated remote attacker can recover a default, hard-coded password from a firmware image and thus gain full access to all affected devices.
https://nvd.nist.gov/vuln/detail/CVE-2026-35075

Categories

CWE-1393 : Use of Default Password
It is common practice for products to be designed to use default passwords for authentication. The rationale is to simplify the manufacturing process or the system administrator's task of installation and deployment into an enterprise. However, if admins do not change the defaults, then it makes it easier for attackers to quickly bypass authentication across multiple organizations. There are many lists of default passwords and default-password scanning tools that are easily available from the World Wide Web.

References


 

AFFECTED (from MITRE)


Vendor Product Versions
MBS Single-A
  • V1_0_0_0 < V6_0_0_7 [affected]
MBS Double-A Profibus
  • V1_0_0_0 < V6_0_0_7 [affected]
MBS Double-A x-link
  • V1_0_0_0 < V6_0_0_7 [affected]
MBS Single-X
  • V1_0_0_0 < V6_0_0_7 [affected]
MBS Double-X CAN
  • V1_0_0_0 < V6_0_0_7 [affected]
MBS Double-X DALI
  • V1_0_0_0 < V6_0_0_7 [affected]
MBS Double-X KNX
  • V1_0_0_0 < V6_0_0_7 [affected]
MBS Double-X LON
  • V1_0_0_0 < V6_0_0_7 [affected]
MBS Double-X M-Bus
  • V1_0_0_0 < V6_0_0_7 [affected]
MBS Double-X PROFINET
  • V1_0_0_0 < V6_0_0_7 [affected]
MBS Double-X x-link
  • V1_0_0_0 < V6_0_0_7 [affected]
MBS Triple-X KNX+DALI
  • V1_0_0_0 < V6_0_0_7 [affected]
MBS Triple-X KNX+LON
  • V1_0_0_0 < V6_0_0_7 [affected]
MBS Triple-X KNX+M-Bus
  • V1_0_0_0 < V6_0_0_7 [affected]
MBS Triple-X PROFINET+DALI
  • V1_0_0_0 < V6_0_0_7 [affected]
MBS Triple-X PROFINET+KNX
  • V1_0_0_0 < V6_0_0_7 [affected]
MBS Triple-X PROFINET+LON
  • V1_0_0_0 < V6_0_0_7 [affected]
MBS Triple-X PROFINET+M-Bus
  • V1_0_0_0 < V6_0_0_7 [affected]
© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

CPE

cpe start end
Configuration 1
cpe:2.3:o:mbs:single_a_firmware:*:*:*:*:*:*:*:* >= V1_0_0_0 < V6_0_0_7
Configuration 2
cpe:2.3:o:mbs:double_a_profibus_firmware:*:*:*:*:*:*:*:* >= V1_0_0_0 < V6_0_0_7
Configuration 3
cpe:2.3:o:mbs:double_a_x_link_firmware:*:*:*:*:*:*:*:* >= V1_0_0_0 < V6_0_0_7
Configuration 4
cpe:2.3:o:mbs:single_x_firmware:*:*:*:*:*:*:*:* >= V1_0_0_0 < V6_0_0_7
Configuration 5
cpe:2.3:o:mbs:double_x_can_firmware:*:*:*:*:*:*:*:* >= V1_0_0_0 < V6_0_0_7
Configuration 6
cpe:2.3:o:mbs:double_x_dali_firmware:*:*:*:*:*:*:*:* >= V1_0_0_0 < V6_0_0_7
Configuration 7
cpe:2.3:o:mbs:double_x_knx_firmware:*:*:*:*:*:*:*:* >= V1_0_0_0 < V6_0_0_7
Configuration 8
cpe:2.3:o:mbs:double_x_lon_firmware:*:*:*:*:*:*:*:* >= V1_0_0_0 < V6_0_0_7
Configuration 9
cpe:2.3:o:mbs:double_x_m_bus_firmware:*:*:*:*:*:*:*:* >= V1_0_0_0 < V6_0_0_7
Configuration 10
cpe:2.3:o:mbs:double_x_profinet_firmware:*:*:*:*:*:*:*:* >= V1_0_0_0 < V6_0_0_7
Configuration 11
cpe:2.3:o:mbs:double_x_x_link_firmware:*:*:*:*:*:*:*:* >= V1_0_0_0 < V6_0_0_7
Configuration 12
cpe:2.3:o:mbs:triple_x_knx_dali_firmware:*:*:*:*:*:*:*:* >= V1_0_0_0 < V6_0_0_7
Configuration 13
cpe:2.3:o:mbs:triple_x_knx_lon_firmware:*:*:*:*:*:*:*:* >= V1_0_0_0 < V6_0_0_7
Configuration 14
cpe:2.3:o:mbs:triple_x_knx_m_bus_firmware:*:*:*:*:*:*:*:* >= V1_0_0_0 < V6_0_0_7
Configuration 15
cpe:2.3:o:mbs:triple_x_profinet_dali_firmware:*:*:*:*:*:*:*:* >= V1_0_0_0 < V6_0_0_7
Configuration 16
cpe:2.3:o:mbs:triple_x_profinet_knx_firmware:*:*:*:*:*:*:*:* >= V1_0_0_0 < V6_0_0_7
Configuration 17
cpe:2.3:o:mbs:triple_x_profinet_lon_firmware:*:*:*:*:*:*:*:* >= V1_0_0_0 < V6_0_0_7
Configuration 18
cpe:2.3:o:mbs:triple_x_profinet_m_bus_firmware:*:*:*:*:*:*:*:* >= V1_0_0_0 < V6_0_0_7


REMEDIATION




EXPLOITS


Exploit-db.com

id description date
No known exploits

POC Github

Url
No known exploits

Other Nist (github, ...)

Url
No known exploits


CAPEC


Common Attack Pattern Enumerations and Classifications

id description severity
No entry