CVE-2026-35082

Summary

The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input.

Affected Software

VendorProductVersion RangeStatus
MBSSingle-AV1_00_00 < V6_00_07affected
MBSDouble-A ProfibusV1_00_00 < V6_00_07affected
MBSDouble-A x-linkV1_00_00 < V6_00_07affected
MBSSingle-XV1_00_00 < V6_00_07affected
MBSDouble-X CANV1_00_00 < V6_00_07affected
MBSDouble-X DALIV1_00_00 < V6_00_07affected
MBSDouble-X KNXV1_00_00 < V6_00_07affected
MBSDouble-X LONV1_00_00 < V6_00_07affected
MBSDouble-X M-BusV1_00_00 < V6_00_07affected
MBSDouble-X PROFINETV1_00_00 < V6_00_07affected
MBSDouble-X x-linkV1_00_00 < V6_00_07affected
MBSTriple-X KNX+DALIV1_00_00 < V6_00_07affected
MBSTriple-X KNX+LONV1_00_00 < V6_00_07affected
MBSTriple-X KNX+M-BusV1_00_00 < V6_00_07affected
MBSTriple-X PROFINET+DALIV1_00_00 < V6_00_07affected
MBSTriple-X PROFINET+KNXV1_00_00 < V6_00_07affected
MBSTriple-X PROFINET+LONV1_00_00 < V6_00_07affected
MBSTriple-X PROFINET+M-BusV1_00_00 < V6_00_07affected

Weaknesses

  • CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References