By vendor
Mbs-Solutions vulnerabilities
Known CVEs affecting Mbs-Solutions products, prioritized by severity, with SEC.co remediation and detection guidance.
10 published vulnerabilities
- CVE-2026-35082HIGH 8.8
A vulnerability in MBS Solutions' universal gateway firmware and related products allows an authenticated user to read arbitrary files from the affected system. The ugw-logread method does not properly validate file path inputs, enabling attackers with legitimate user credentials to bypass access controls and retrieve sensitive data they shouldn't be able to access. This is a local file disclosure issue that requires valid user credentials to exploit.
- CVE-2026-35083HIGH 8.8
A stack buffer overflow vulnerability exists in MBS Solutions' industrial gateway and protocol converter products. An attacker with valid user credentials can send a specially crafted network request to trigger memory corruption, allowing them to execute arbitrary code with root-level privileges. This is a serious vulnerability because it requires no user interaction, operates over the network, and completely bypasses system security once exploited.
- CVE-2026-35084HIGH 8.8
A stack buffer overflow vulnerability in the dali-devconfig component affects a broad range of MBS Solutions gateway and protocol conversion devices. An attacker with basic user-level access to the network can send a specially crafted request that overwrites memory on the device, potentially achieving full root-level system compromise. This is a particularly serious issue because these devices typically operate as trusted infrastructure components in industrial and building automation networks, where an attacker gaining root access could manipulate critical system functions or pivot to downstream systems.
- CVE-2026-35085HIGH 8.8
A stack buffer overflow vulnerability in gdv-serverconfig affects a broad range of MBS Solutions gateway and interface devices. An authenticated attacker with standard user privileges can send a specially crafted network request to trigger the overflow and execute arbitrary code with root-level system access. The vulnerability requires valid user credentials to exploit but no user interaction, making it a significant risk in environments where user account compromise is possible.
- CVE-2026-35076HIGH 8.1
A vulnerability in MBS Solutions gateway and protocol-conversion products allows authenticated users to delete files from the affected system without proper authorization. The flaw exists in the 'bac-scanresult' method, which fails to validate user-supplied input adequately. An attacker who has legitimate credentials can exploit this to remove critical files, potentially disrupting system operations or causing data loss.
- CVE-2026-35077HIGH 8.1
A vulnerability in MBS Solutions gateway products allows authenticated users to delete files they shouldn't have access to. An attacker with valid user credentials can exploit the ugw-delete-file method to remove arbitrary files from affected systems by bypassing input validation controls. This is especially concerning in industrial automation environments where these gateways often handle critical protocol conversions and data flows.
- CVE-2026-35078HIGH 8.1
A vulnerability in MBS Solutions gateway products allows authenticated users to delete files from affected systems without proper authorization. An attacker with valid user credentials can exploit the ugw-logstop method to remove arbitrary files, potentially disrupting system operations or destroying evidence. This is classified as a high-severity flaw because it requires only standard user access and can cause significant damage to system integrity and availability.
- CVE-2026-35079HIGH 8.1
CVE-2026-35079 is a file deletion vulnerability in MBS Solutions' Universal Gateway firmware and related gateway products. An attacker who already has valid user credentials can exploit the ugw-restore method to delete arbitrary files on the device. Because the vulnerability requires existing user access, the risk depends heavily on your organization's internal security posture and whether these devices are exposed to untrusted users.
- CVE-2026-35080HIGH 8.1
A flaw in MBS Solutions gateway firmware allows authenticated users to delete files they shouldn't have access to. An attacker with valid login credentials can exploit the ugw-restoreinfo method to remove arbitrary files from affected devices, potentially disrupting operations or destroying critical system data. The vulnerability requires existing user privileges but poses a serious risk to the integrity and availability of gateway-based infrastructure.
- CVE-2026-35081HIGH 8.1
A vulnerability in MBS Solutions' gateway and protocol conversion products allows authenticated users to remotely stop arbitrary processes on affected devices. An attacker who already has valid user credentials can exploit insufficient input validation in the ugw-logstop method to terminate critical services, potentially disrupting device functionality or causing a denial of service. This is a HIGH severity issue requiring prompt attention in networked industrial and building automation environments.