CVE-2026-35084 - Vulnerability Details

- Stack buffer overflow in method dali-devconfig

Description

A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root.

Published: 2026-06-03

Score: 8.7 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

MBS

Single-A

unaffected

Version	Status	Constraints
`V1_0_0_0`	affected	< V6_0_0_7

MBS

Double-A Profibus

unaffected

Version	Status	Constraints
`V1_0_0_0`	affected	< V6_0_0_7

MBS

Double-A x-link

unaffected

Version	Status	Constraints
`V1_0_0_0`	affected	< V6_0_0_7

MBS

Single-X

unaffected

Version	Status	Constraints
`V1_0_0_0`	affected	< V6_0_0_7

MBS

Double-X CAN

unaffected

Version	Status	Constraints
`V1_0_0_0`	affected	< V6_0_0_7

MBS

Double-X DALI

unaffected

Version	Status	Constraints
`V1_0_0_0`	affected	< V6_0_0_7

MBS

Double-X KNX

unaffected

Version	Status	Constraints
`V1_0_0_0`	affected	< V6_0_0_7

MBS

Double-X LON

unaffected

Version	Status	Constraints
`V1_0_0_0`	affected	< V6_0_0_7

MBS

Double-X M-Bus

unaffected

Version	Status	Constraints
`V1_0_0_0`	affected	< V6_0_0_7

MBS

Double-X PROFINET

unaffected

Version	Status	Constraints
`V1_0_0_0`	affected	< V6_0_0_7

MBS

Double-X x-link

unaffected

Version	Status	Constraints
`V1_0_0_0`	affected	< V6_0_0_7

MBS

Triple-X KNX+DALI

unaffected

Version	Status	Constraints
`V1_0_0_0`	affected	< V6_0_0_7

MBS

Triple-X KNX+LON

unaffected

Version	Status	Constraints
`V1_0_0_0`	affected	< V6_0_0_7

MBS

Triple-X KNX+M-Bus

unaffected

Version	Status	Constraints
`V1_0_0_0`	affected	< V6_0_0_7

MBS

Triple-X PROFINET+DALI

unaffected

Version	Status	Constraints
`V1_0_0_0`	affected	< V6_0_0_7

MBS

Triple-X PROFINET+KNX

unaffected

Version	Status	Constraints
`V1_0_0_0`	affected	< V6_0_0_7

MBS

Triple-X PROFINET+LON

unaffected

Version	Status	Constraints
`V1_0_0_0`	affected	< V6_0_0_7

MBS

Triple-X PROFINET+M-Bus

unaffected

Version	Status	Constraints
`V1_0_0_0`	affected	< V6_0_0_7

Configuration 1 [-]

AND

cpe:2.3:o:mbs-solutions:universal_gateway_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:mbs-solutions:double-a_profibus:-:::::::*
	cpe:2.3:h:mbs-solutions:double-a_x-link:-:::::::*
	cpe:2.3:h:mbs-solutions:double-x_can:-:::::::*
	cpe:2.3:h:mbs-solutions:double-x_dali:-:::::::*
	cpe:2.3:h:mbs-solutions:double-x_knx:-:::::::*
	cpe:2.3:h:mbs-solutions:double-x_lon:-:::::::*
	cpe:2.3:h:mbs-solutions:double-x_m-bus:-:::::::*
	cpe:2.3:h:mbs-solutions:double-x_profinet:-:::::::*
	cpe:2.3:h:mbs-solutions:double-x_x-link:-:::::::*
	cpe:2.3:h:mbs-solutions:single-a:-:::::::*
	cpe:2.3:h:mbs-solutions:single-x:-:::::::*
	cpe:2.3:h:mbs-solutions:triple-x_knx\+dali:-:::::::*
	cpe:2.3:h:mbs-solutions:triple-x_knx\+lon:-:::::::*
	cpe:2.3:h:mbs-solutions:triple-x_knx\+m-bus:-:::::::*
	cpe:2.3:h:mbs-solutions:triple-x_profinet\+dali:-:::::::*
	cpe:2.3:h:mbs-solutions:triple-x_profinet\+knx:-:::::::*
	cpe:2.3:h:mbs-solutions:triple-x_profinet\+lon:-:::::::*
	cpe:2.3:h:mbs-solutions:triple-x_profinet\+m-bus:-:::::::*

No data.

Vendor Product Confidence Versions

Mbs

Double-a Profibus

100%

Version	Status	Scheme	Platform
`[V1_0_0_0,V6_0_0_7)`	affected	generic	—

Mbs

Double-a X-link

100%

Version	Status	Scheme	Platform
`[V1_0_0_0,V6_0_0_7)`	affected	generic	—

Mbs

Double-x Can

100%

Version	Status	Scheme	Platform
`[V1_0_0_0,V6_0_0_7)`	affected	generic	—

Mbs

Double-x Dali

100%

Version	Status	Scheme	Platform
`[V1_0_0_0,V6_0_0_7)`	affected	generic	—

Mbs

Double-x Knx

100%

Version	Status	Scheme	Platform
`[V1_0_0_0,V6_0_0_7)`	affected	generic	—

Mbs

Double-x Lon

100%

Version	Status	Scheme	Platform
`[V1_0_0_0,V6_0_0_7)`	affected	generic	—

Mbs

Double-x M-bus

100%

Version	Status	Scheme	Platform
`[V1_0_0_0,V6_0_0_7)`	affected	generic	—

Mbs

Double-x Profinet

100%

Version	Status	Scheme	Platform
`[V1_0_0_0,V6_0_0_7)`	affected	generic	—

Mbs

Double-x X-link

100%

Version	Status	Scheme	Platform
`[V1_0_0_0,V6_0_0_7)`	affected	generic	—

Mbs

Single-a

100%

Version	Status	Scheme	Platform
`[V1_0_0_0,V6_0_0_7)`	affected	generic	—

Mbs

Single-x

100%

Version	Status	Scheme	Platform
`[V1_0_0_0,V6_0_0_7)`	affected	generic	—

Mbs

Triple-x Knx+dali

100%

Version	Status	Scheme	Platform
`[V1_0_0_0,V6_0_0_7)`	affected	generic	—

Mbs

Triple-x Knx+lon

100%

Version	Status	Scheme	Platform
`[V1_0_0_0,V6_0_0_7)`	affected	generic	—

Mbs

Triple-x Knx+m-bus

100%

Version	Status	Scheme	Platform
`[V1_0_0_0,V6_0_0_7)`	affected	generic	—

Mbs

Triple-x Profinet+dali

100%

Version	Status	Scheme	Platform
`[V1_0_0_0,V6_0_0_7)`	affected	generic	—

Mbs

Triple-x Profinet+knx

100%

Version	Status	Scheme	Platform
`[V1_0_0_0,V6_0_0_7)`	affected	generic	—

Mbs

Triple-x Profinet+lon

100%

Version	Status	Scheme	Platform
`[V1_0_0_0,V6_0_0_7)`	affected	generic	—

Mbs

Triple-x Profinet+m-bus

100%

Version	Status	Scheme	Platform
`[V1_0_0_0,V6_0_0_7)`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00456.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://www.certvde.com/en/advisories/VDE-2026-039/

History

Mon, 08 Jun 2026 17:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mbs-solutions Mbs-solutions double-a Profibus Mbs-solutions double-a X-link Mbs-solutions double-x Can Mbs-solutions double-x Dali Mbs-solutions double-x Knx Mbs-solutions double-x Lon Mbs-solutions double-x M-bus Mbs-solutions double-x Profinet Mbs-solutions double-x X-link Mbs-solutions single-a Mbs-solutions single-x Mbs-solutions triple-x Knx\+dali Mbs-solutions triple-x Knx\+lon Mbs-solutions triple-x Knx\+m-bus Mbs-solutions triple-x Profinet\+dali Mbs-solutions triple-x Profinet\+knx Mbs-solutions triple-x Profinet\+lon Mbs-solutions triple-x Profinet\+m-bus Mbs-solutions universal Gateway Firmware
CPEs		cpe:2.3:h:mbs-solutions:double-a_profibus:-:::::::* cpe:2.3:h:mbs-solutions:double-a_x-link:-:::::::* cpe:2.3:h:mbs-solutions:double-x_can:-:::::::* cpe:2.3:h:mbs-solutions:double-x_dali:-:::::::* cpe:2.3:h:mbs-solutions:double-x_knx:-:::::::* cpe:2.3:h:mbs-solutions:double-x_lon:-:::::::* cpe:2.3:h:mbs-solutions:double-x_m-bus:-:::::::* cpe:2.3:h:mbs-solutions:double-x_profinet:-:::::::* cpe:2.3:h:mbs-solutions:double-x_x-link:-:::::::* cpe:2.3:h:mbs-solutions:single-a:-:::::::* cpe:2.3:h:mbs-solutions:single-x:-:::::::* cpe:2.3:h:mbs-solutions:triple-x_knx\+dali:-:::::::* cpe:2.3:h:mbs-solutions:triple-x_knx\+lon:-:::::::* cpe:2.3:h:mbs-solutions:triple-x_knx\+m-bus:-:::::::* cpe:2.3:h:mbs-solutions:triple-x_profinet\+dali:-:::::::* cpe:2.3:h:mbs-solutions:triple-x_profinet\+knx:-:::::::* cpe:2.3:h:mbs-solutions:triple-x_profinet\+lon:-:::::::* cpe:2.3:h:mbs-solutions:triple-x_profinet\+m-bus:-:::::::* cpe:2.3:o:mbs-solutions:universal_gateway_firmware::::::::
Vendors & Products		Mbs-solutions Mbs-solutions double-a Profibus Mbs-solutions double-a X-link Mbs-solutions double-x Can Mbs-solutions double-x Dali Mbs-solutions double-x Knx Mbs-solutions double-x Lon Mbs-solutions double-x M-bus Mbs-solutions double-x Profinet Mbs-solutions double-x X-link Mbs-solutions single-a Mbs-solutions single-x Mbs-solutions triple-x Knx\+dali Mbs-solutions triple-x Knx\+lon Mbs-solutions triple-x Knx\+m-bus Mbs-solutions triple-x Profinet\+dali Mbs-solutions triple-x Profinet\+knx Mbs-solutions triple-x Profinet\+lon Mbs-solutions triple-x Profinet\+m-bus Mbs-solutions universal Gateway Firmware

Fri, 05 Jun 2026 10:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mbs double-a Profibus Mbs double-a X-link Mbs double-x Can Mbs double-x Dali Mbs double-x Knx Mbs double-x Lon Mbs double-x M-bus Mbs double-x Profinet Mbs double-x X-link Mbs single-a Mbs single-x Mbs triple-x Knx+dali Mbs triple-x Knx+lon Mbs triple-x Knx+m-bus Mbs triple-x Profinet+dali Mbs triple-x Profinet+knx Mbs triple-x Profinet+lon Mbs triple-x Profinet+m-bus
Vendors & Products		Mbs double-a Profibus Mbs double-a X-link Mbs double-x Can Mbs double-x Dali Mbs double-x Knx Mbs double-x Lon Mbs double-x M-bus Mbs double-x Profinet Mbs double-x X-link Mbs single-a Mbs single-x Mbs triple-x Knx+dali Mbs triple-x Knx+lon Mbs triple-x Knx+m-bus Mbs triple-x Profinet+dali Mbs triple-x Profinet+knx Mbs triple-x Profinet+lon Mbs triple-x Profinet+m-bus

Wed, 03 Jun 2026 20:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 03 Jun 2026 12:30:00 +0000

Type	Values Removed	Values Added
Description		A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root.
Title		Stack buffer overflow in method dali-devconfig
First Time appeared		Mbs Mbs double A Profibus Firmware Mbs double A X Link Firmware Mbs double X Can Firmware Mbs double X Dali Firmware Mbs double X Knx Firmware Mbs double X Lon Firmware Mbs double X M Bus Firmware Mbs double X Profinet Firmware Mbs double X X Link Firmware Mbs single A Firmware Mbs single X Firmware Mbs triple X Knx Dali Firmware Mbs triple X Knx Lon Firmware Mbs triple X Knx M Bus Firmware Mbs triple X Profinet Dali Firmware Mbs triple X Profinet Knx Firmware Mbs triple X Profinet Lon Firmware Mbs triple X Profinet M Bus Firmware
Weaknesses		CWE-121
CPEs		cpe:2.3:o:mbs:double_a_profibus_firmware:::::::: cpe:2.3:o:mbs:double_a_x_link_firmware:::::::: cpe:2.3:o:mbs:double_x_can_firmware:::::::: cpe:2.3:o:mbs:double_x_dali_firmware:::::::: cpe:2.3:o:mbs:double_x_knx_firmware:::::::: cpe:2.3:o:mbs:double_x_lon_firmware:::::::: cpe:2.3:o:mbs:double_x_m_bus_firmware:::::::: cpe:2.3:o:mbs:double_x_profinet_firmware:::::::: cpe:2.3:o:mbs:double_x_x_link_firmware:::::::: cpe:2.3:o:mbs:single_a_firmware:::::::: cpe:2.3:o:mbs:single_x_firmware:::::::: cpe:2.3:o:mbs:triple_x_knx_dali_firmware:::::::: cpe:2.3:o:mbs:triple_x_knx_lon_firmware:::::::: cpe:2.3:o:mbs:triple_x_knx_m_bus_firmware:::::::: cpe:2.3:o:mbs:triple_x_profinet_dali_firmware:::::::: cpe:2.3:o:mbs:triple_x_profinet_knx_firmware:::::::: cpe:2.3:o:mbs:triple_x_profinet_lon_firmware:::::::: cpe:2.3:o:mbs:triple_x_profinet_m_bus_firmware::::::::
Vendors & Products		Mbs Mbs double A Profibus Firmware Mbs double A X Link Firmware Mbs double X Can Firmware Mbs double X Dali Firmware Mbs double X Knx Firmware Mbs double X Lon Firmware Mbs double X M Bus Firmware Mbs double X Profinet Firmware Mbs double X X Link Firmware Mbs single A Firmware Mbs single X Firmware Mbs triple X Knx Dali Firmware Mbs triple X Knx Lon Firmware Mbs triple X Knx M Bus Firmware Mbs triple X Profinet Dali Firmware Mbs triple X Profinet Knx Firmware Mbs triple X Profinet Lon Firmware Mbs triple X Profinet M Bus Firmware
References		https://www.certvde.com/en/advisories/VDE-2026-039/
Metrics		cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}` cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}`

Subscriptions

Mbs Double-a Profibus Double-a X-link Double-x Can Double-x Dali Double-x Knx Double-x Lon Double-x M-bus Double-x Profinet Double-x X-link Double A Profibus Firmware Double A X Link Firmware Double X Can Firmware Double X Dali Firmware Double X Knx Firmware Double X Lon Firmware Double X M Bus Firmware Double X Profinet Firmware Double X X Link Firmware Single-a Single-x Single A Firmware Single X Firmware Triple-x Knx+dali Triple-x Knx+lon Triple-x Knx+m-bus Triple-x Profinet+dali Triple-x Profinet+knx Triple-x Profinet+lon Triple-x Profinet+m-bus Triple X Knx Dali Firmware Triple X Knx Lon Firmware Triple X Knx M Bus Firmware Triple X Profinet Dali Firmware Triple X Profinet Knx Firmware Triple X Profinet Lon Firmware Triple X Profinet M Bus Firmware

Mbs-solutions Double-a Profibus Double-a X-link Double-x Can Double-x Dali Double-x Knx Double-x Lon Double-x M-bus Double-x Profinet Double-x X-link Single-a Single-x Triple-x Knx\+dali Triple-x Knx\+lon Triple-x Knx\+m-bus Triple-x Profinet\+dali Triple-x Profinet\+knx Triple-x Profinet\+lon Triple-x Profinet\+m-bus Universal Gateway Firmware

MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2026-06-03T10:42:03.287Z

Updated: 2026-06-09T10:31:00.391Z

Reserved: 2026-04-01T08:28:27.142Z

Link: CVE-2026-35084

Vulnrichment

Updated: 2026-06-03T19:14:38.605Z

NVD

Status : Analyzed

Published: 2026-06-03T13:16:21.180

Modified: 2026-06-08T17:17:07.980

Link: CVE-2026-35084

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T10:11:49Z

Weaknesses

CWE-121

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object