CVE-2026-35076

Summary

The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.

Affected Software

VendorProductVersion RangeStatus
MBSSingle-AV1_00_00 < V6_00_07affected
MBSDouble-A ProfibusV1_00_00 < V6_00_07affected
MBSDouble-A x-linkV1_00_00 < V6_00_07affected
MBSSingle-XV1_00_00 < V6_00_07affected
MBSDouble-X CANV1_00_00 < V6_00_07affected
MBSDouble-X DALIV1_00_00 < V6_00_07affected
MBSDouble-X KNXV1_00_00 < V6_00_07affected
MBSDouble-X LONV1_00_00 < V6_00_07affected
MBSDouble-X M-BusV1_00_00 < V6_00_07affected
MBSDouble-X PROFINETV1_00_00 < V6_00_07affected
MBSDouble-X x-linkV1_00_00 < V6_00_07affected
MBSTriple-X KNX+DALIV1_00_00 < V6_00_07affected
MBSTriple-X KNX+LONV1_00_00 < V6_00_07affected
MBSTriple-X KNX+M-BusV1_00_00 < V6_00_07affected
MBSTriple-X PROFINET+DALIV1_00_00 < V6_00_07affected
MBSTriple-X PROFINET+KNXV1_00_00 < V6_00_07affected
MBSTriple-X PROFINET+LONV1_00_00 < V6_00_07affected
MBSTriple-X PROFINET+M-BusV1_00_00 < V6_00_07affected

Weaknesses

  • CWE-73: CWE-73 External Control of File Name or Path

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References