MBS Universal Gateways UGW Web GUI Arbitrary File Access Vulnerability

Vulnerability

A vulnerability in the MBS Universal Gateways (UGW-A-Series, UGW-X-Series) web GUI allows remote attackers with user privileges to access arbitrary local files. This issue arises from inadequate validation of user-supplied input in the ugw-logread method. The vulnerability affects devices running MBS Firmware versions prior to 6.0.0.7.

Impact

Exploitation of this vulnerability could enable an authenticated attacker to read or delete arbitrary local files on the affected UGW devices, potentially leading to unauthorized access through a known service account password. Additionally, this vulnerability could be exploited in conjunction with other identified vulnerabilities to execute arbitrary code with root privileges, resulting in a full system compromise.

Remediation

Users are advised to update the affected products to firmware version 6.0.0.7, available at the MBS Firmware Update page.

Added: Jun 3, 2026, 1:22 PM
Updated: Jun 3, 2026, 1:22 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 5.2
remediation: 0.0
relevance: 9.9
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.