CVE-2026-35081

Summary

The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input.

Affected Software

VendorProductVersion RangeStatus
MBSSingle-AV1_00_00 < V6_00_07affected
MBSDouble-A ProfibusV1_00_00 < V6_00_07affected
MBSDouble-A x-linkV1_00_00 < V6_00_07affected
MBSSingle-XV1_00_00 < V6_00_07affected
MBSDouble-X CANV1_00_00 < V6_00_07affected
MBSDouble-X DALIV1_00_00 < V6_00_07affected
MBSDouble-X KNXV1_00_00 < V6_00_07affected
MBSDouble-X LONV1_00_00 < V6_00_07affected
MBSDouble-X M-BusV1_00_00 < V6_00_07affected
MBSDouble-X PROFINETV1_00_00 < V6_00_07affected
MBSDouble-X x-linkV1_00_00 < V6_00_07affected
MBSTriple-X KNX+DALIV1_00_00 < V6_00_07affected
MBSTriple-X KNX+LONV1_00_00 < V6_00_07affected
MBSTriple-X KNX+M-BusV1_00_00 < V6_00_07affected
MBSTriple-X PROFINET+DALIV1_00_00 < V6_00_07affected
MBSTriple-X PROFINET+KNXV1_00_00 < V6_00_07affected
MBSTriple-X PROFINET+LONV1_00_00 < V6_00_07affected
MBSTriple-X PROFINET+M-BusV1_00_00 < V6_00_07affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References