Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

triple-x_knx\+m-bus

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

11
Related CVEsRelated VendorsRelated AssignersReports
11Vulnerabilities found
CVE-2026-35085
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-8.7||HIGH
EPSS-0.10% / 27.61%
||
7 Day CHG~0.00%
Published-03 Jun, 2026 | 10:42
Updated-08 Jun, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack buffer overflow in method gdv-serverconfig

A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root.

Action-Not Available
Vendor-mbs-solutionsMBS
Product-double-x_profinetdouble-x_dalidouble-x_knxsingle-xtriple-x_profinet\+m-busdouble-a_x-linktriple-x_profinet\+knxdouble-x_lontriple-x_profinet\+lonuniversal_gateway_firmwaredouble-x_cantriple-x_knx\+lontriple-x_knx\+m-bustriple-x_profinet\+dalidouble-a_profibusdouble-x_x-linktriple-x_knx\+dalisingle-adouble-x_m-busTriple-X PROFINET+KNXTriple-X PROFINET+DALISingle-XDouble-A x-linkTriple-X KNX+LONTriple-X KNX+M-BusDouble-X PROFINETDouble-X KNXTriple-X PROFINET+LONTriple-X PROFINET+M-BusDouble-X CANTriple-X KNX+DALIDouble-X x-linkDouble-X M-BusDouble-A ProfibusSingle-ADouble-X LONDouble-X DALI
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-35084
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-8.7||HIGH
EPSS-0.10% / 27.61%
||
7 Day CHG~0.00%
Published-03 Jun, 2026 | 10:42
Updated-08 Jun, 2026 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack buffer overflow in method dali-devconfig

A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root.

Action-Not Available
Vendor-mbs-solutionsMBS
Product-double-x_profinetdouble-x_dalidouble-x_knxsingle-xtriple-x_profinet\+m-busdouble-a_x-linktriple-x_profinet\+knxdouble-x_lontriple-x_profinet\+lonuniversal_gateway_firmwaredouble-x_cantriple-x_knx\+lontriple-x_knx\+m-bustriple-x_profinet\+dalidouble-a_profibusdouble-x_x-linktriple-x_knx\+dalisingle-adouble-x_m-busTriple-X PROFINET+KNXTriple-X PROFINET+DALISingle-XDouble-A x-linkTriple-X KNX+LONTriple-X KNX+M-BusDouble-X PROFINETDouble-X KNXTriple-X PROFINET+LONTriple-X PROFINET+M-BusDouble-X CANTriple-X KNX+DALIDouble-X x-linkDouble-X M-BusDouble-A ProfibusSingle-ADouble-X LONDouble-X DALI
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-35083
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-8.7||HIGH
EPSS-0.10% / 27.61%
||
7 Day CHG~0.00%
Published-03 Jun, 2026 | 10:41
Updated-08 Jun, 2026 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack buffer overflow in method bac-deviceobject

A remote attacker with user privileges can exploit a stack buffer overflow to gain full system access as root.

Action-Not Available
Vendor-mbs-solutionsMBS
Product-double-x_profinetdouble-x_dalidouble-x_knxsingle-xtriple-x_profinet\+m-busdouble-a_x-linktriple-x_profinet\+knxdouble-x_lontriple-x_profinet\+lonuniversal_gateway_firmwaredouble-x_cantriple-x_knx\+lontriple-x_knx\+m-bustriple-x_profinet\+dalidouble-a_profibusdouble-x_x-linktriple-x_knx\+dalisingle-adouble-x_m-busTriple-X PROFINET+KNXTriple-X PROFINET+DALISingle-XDouble-A x-linkTriple-X KNX+LONTriple-X KNX+M-BusDouble-X PROFINETDouble-X KNXTriple-X PROFINET+LONTriple-X PROFINET+M-BusDouble-X CANTriple-X KNX+DALIDouble-X x-linkDouble-X M-BusDouble-A ProfibusSingle-ADouble-X LONDouble-X DALI
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-35082
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-8.7||HIGH
EPSS-0.14% / 33.33%
||
7 Day CHG~0.00%
Published-03 Jun, 2026 | 10:41
Updated-08 Jun, 2026 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local file inclusion vulnerability and deletion in ugw-logread method

The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input.

Action-Not Available
Vendor-mbs-solutionsMBS
Product-double-x_profinetdouble-x_dalidouble-x_knxsingle-xtriple-x_profinet\+m-busdouble-a_x-linktriple-x_profinet\+knxdouble-x_lontriple-x_profinet\+lonuniversal_gateway_firmwaredouble-x_cantriple-x_knx\+lontriple-x_knx\+m-bustriple-x_profinet\+dalidouble-a_profibusdouble-x_x-linktriple-x_knx\+dalisingle-adouble-x_m-busTriple-X PROFINET+KNXTriple-X PROFINET+DALISingle-XDouble-A x-linkTriple-X KNX+LONTriple-X KNX+M-BusDouble-X PROFINETDouble-X KNXTriple-X PROFINET+LONTriple-X PROFINET+M-BusDouble-X CANTriple-X KNX+DALIDouble-X x-linkDouble-X M-BusDouble-A ProfibusSingle-ADouble-X LONDouble-X DALI
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-35081
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-7.2||HIGH
EPSS-0.10% / 27.64%
||
7 Day CHG~0.00%
Published-03 Jun, 2026 | 10:40
Updated-08 Jun, 2026 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary process termination vulnerability in method ugw-logstop

The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input.

Action-Not Available
Vendor-mbs-solutionsMBS
Product-double-x_profinetdouble-x_dalidouble-x_knxsingle-xtriple-x_profinet\+m-busdouble-a_x-linktriple-x_profinet\+knxdouble-x_lontriple-x_profinet\+lonuniversal_gateway_firmwaredouble-x_cantriple-x_knx\+lontriple-x_knx\+m-bustriple-x_profinet\+dalidouble-a_profibusdouble-x_x-linktriple-x_knx\+dalisingle-adouble-x_m-busTriple-X PROFINET+KNXTriple-X PROFINET+DALISingle-XDouble-A x-linkTriple-X KNX+LONTriple-X KNX+M-BusDouble-X PROFINETDouble-X KNXTriple-X PROFINET+LONTriple-X PROFINET+M-BusDouble-X CANTriple-X KNX+DALIDouble-X x-linkDouble-X M-BusDouble-A ProfibusSingle-ADouble-X LONDouble-X DALI
CWE ID-CWE-20
Improper Input Validation
CVE-2026-35080
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-7.2||HIGH
EPSS-0.10% / 28.00%
||
7 Day CHG~0.00%
Published-03 Jun, 2026 | 10:40
Updated-08 Jun, 2026 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary file delete vulnerability in method ugw-restoreinfo

The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.

Action-Not Available
Vendor-mbs-solutionsMBS
Product-double-x_profinetdouble-x_dalidouble-x_knxsingle-xtriple-x_profinet\+m-busdouble-a_x-linktriple-x_profinet\+knxdouble-x_lontriple-x_profinet\+lonuniversal_gateway_firmwaredouble-x_cantriple-x_knx\+lontriple-x_knx\+m-bustriple-x_profinet\+dalidouble-a_profibusdouble-x_x-linktriple-x_knx\+dalisingle-adouble-x_m-busTriple-X PROFINET+KNXTriple-X PROFINET+DALISingle-XDouble-A x-linkTriple-X KNX+LONTriple-X KNX+M-BusDouble-X PROFINETDouble-X KNXTriple-X PROFINET+LONTriple-X PROFINET+M-BusDouble-X CANTriple-X KNX+DALIDouble-X x-linkDouble-X M-BusDouble-A ProfibusSingle-ADouble-X LONDouble-X DALI
CWE ID-CWE-73
External Control of File Name or Path
CVE-2026-35079
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-7.2||HIGH
EPSS-0.10% / 28.00%
||
7 Day CHG~0.00%
Published-03 Jun, 2026 | 10:39
Updated-08 Jun, 2026 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary file delete vulnerability in method ugw-restore

The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.

Action-Not Available
Vendor-mbs-solutionsMBS
Product-double-x_profinetdouble-x_dalidouble-x_knxsingle-xtriple-x_profinet\+m-busdouble-a_x-linktriple-x_profinet\+knxdouble-x_lontriple-x_profinet\+lonuniversal_gateway_firmwaredouble-x_cantriple-x_knx\+lontriple-x_knx\+m-bustriple-x_profinet\+dalidouble-a_profibusdouble-x_x-linktriple-x_knx\+dalisingle-adouble-x_m-busTriple-X PROFINET+KNXTriple-X PROFINET+DALISingle-XDouble-A x-linkTriple-X KNX+LONTriple-X KNX+M-BusDouble-X PROFINETDouble-X KNXTriple-X PROFINET+LONTriple-X PROFINET+M-BusDouble-X CANTriple-X KNX+DALIDouble-X x-linkDouble-X M-BusDouble-A ProfibusSingle-ADouble-X LONDouble-X DALI
CWE ID-CWE-73
External Control of File Name or Path
CVE-2026-35078
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-7.2||HIGH
EPSS-0.10% / 28.00%
||
7 Day CHG~0.00%
Published-03 Jun, 2026 | 10:39
Updated-08 Jun, 2026 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary file delete vulnerability in method ugw-logstop

The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.

Action-Not Available
Vendor-mbs-solutionsMBS
Product-double-x_profinetdouble-x_dalidouble-x_knxsingle-xtriple-x_profinet\+m-busdouble-a_x-linktriple-x_profinet\+knxdouble-x_lontriple-x_profinet\+lonuniversal_gateway_firmwaredouble-x_cantriple-x_knx\+lontriple-x_knx\+m-bustriple-x_profinet\+dalidouble-a_profibusdouble-x_x-linktriple-x_knx\+dalisingle-adouble-x_m-busTriple-X PROFINET+KNXTriple-X PROFINET+DALISingle-XDouble-A x-linkTriple-X KNX+LONTriple-X KNX+M-BusDouble-X PROFINETDouble-X KNXTriple-X PROFINET+LONTriple-X PROFINET+M-BusDouble-X CANTriple-X KNX+DALIDouble-X x-linkDouble-X M-BusDouble-A ProfibusSingle-ADouble-X LONDouble-X DALI
CWE ID-CWE-73
External Control of File Name or Path
CVE-2026-35077
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-7.2||HIGH
EPSS-0.10% / 28.00%
||
7 Day CHG~0.00%
Published-03 Jun, 2026 | 10:39
Updated-08 Jun, 2026 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary file delete vulnerability in method ugw-delete-file

The ugw-delete-file method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.

Action-Not Available
Vendor-mbs-solutionsMBS
Product-double-x_profinetdouble-x_dalidouble-x_knxsingle-xtriple-x_profinet\+m-busdouble-a_x-linktriple-x_profinet\+knxdouble-x_lontriple-x_profinet\+lonuniversal_gateway_firmwaredouble-x_cantriple-x_knx\+lontriple-x_knx\+m-bustriple-x_profinet\+dalidouble-a_profibusdouble-x_x-linktriple-x_knx\+dalisingle-adouble-x_m-busTriple-X PROFINET+KNXTriple-X PROFINET+DALISingle-XDouble-A x-linkTriple-X KNX+LONTriple-X KNX+M-BusDouble-X PROFINETDouble-X KNXTriple-X PROFINET+LONTriple-X PROFINET+M-BusDouble-X CANTriple-X KNX+DALIDouble-X x-linkDouble-X M-BusDouble-A ProfibusSingle-ADouble-X LONDouble-X DALI
CWE ID-CWE-73
External Control of File Name or Path
CVE-2026-35076
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-7.2||HIGH
EPSS-0.10% / 28.00%
||
7 Day CHG~0.00%
Published-03 Jun, 2026 | 10:38
Updated-08 Jun, 2026 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary file delete vulnerability in method bac-scanresult

The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.

Action-Not Available
Vendor-mbs-solutionsMBS
Product-double-x_profinetdouble-x_dalidouble-x_knxsingle-xtriple-x_profinet\+m-busdouble-a_x-linktriple-x_profinet\+knxdouble-x_lontriple-x_profinet\+lonuniversal_gateway_firmwaredouble-x_cantriple-x_knx\+lontriple-x_knx\+m-bustriple-x_profinet\+dalidouble-a_profibusdouble-x_x-linktriple-x_knx\+dalisingle-adouble-x_m-busTriple-X PROFINET+KNXTriple-X PROFINET+DALISingle-XDouble-A x-linkTriple-X KNX+LONTriple-X KNX+M-BusDouble-X PROFINETDouble-X KNXTriple-X PROFINET+LONTriple-X PROFINET+M-BusDouble-X CANTriple-X KNX+DALIDouble-X x-linkDouble-X M-BusDouble-A ProfibusSingle-ADouble-X LONDouble-X DALI
CWE ID-CWE-73
External Control of File Name or Path
CVE-2026-35075
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-9.3||CRITICAL
EPSS-0.08% / 24.56%
||
7 Day CHG~0.00%
Published-03 Jun, 2026 | 10:38
Updated-08 Jun, 2026 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hardcoded default Password for Service Account

An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices.

Action-Not Available
Vendor-mbs-solutionsMBS
Product-double-x_profinetdouble-x_dalidouble-x_knxsingle-xtriple-x_profinet\+m-busdouble-a_x-linktriple-x_profinet\+knxdouble-x_lontriple-x_profinet\+lonuniversal_gateway_firmwaredouble-x_cantriple-x_knx\+lontriple-x_knx\+m-bustriple-x_profinet\+dalidouble-a_profibusdouble-x_x-linktriple-x_knx\+dalisingle-adouble-x_m-busTriple-X PROFINET+KNXTriple-X PROFINET+DALISingle-XDouble-A x-linkTriple-X KNX+LONTriple-X KNX+M-BusDouble-X PROFINETDouble-X KNXTriple-X PROFINET+LONTriple-X PROFINET+M-BusDouble-X CANTriple-X KNX+DALIDouble-X x-linkDouble-X M-BusDouble-A ProfibusSingle-ADouble-X LONDouble-X DALI
CWE ID-CWE-1393
Use of Default Password