Impact
The vulnerability resides in hard-coded default service account passwords embedded in the firmware image of a range of MBS industrial control devices. An unauthenticated remote attacker can extract or recover the default password from the firmware and so gain unrestricted administrative access to any device running the affected firmware. Once a device is compromised, the attacker can make arbitrary configuration changes, activate or disable critical control functions, and potentially disrupt or manipulate the entire control network. The weakness is essentially a credential exposure flaw that enables total device takeover without initial authentication.
Affected Systems
Affected products include MBS Double-A Profibus and Double-A x-link, MBS Double-X CAN, DALI, KNX, LON, M-Bus, Profinet, and x-link, as well as MBS Single-A, Single-X, and all MBS Triple-X device lines that combine KNX, DALI, LON, M-Bus, and Profinet protocols. No specific firmware revisions were identified in the report, so any current revision of these product lines may be vulnerable.
Risk and Exploitability
The CVSS base score of 9.3 indicates a severe risk, reflecting an attack that requires no prior authentication and results in complete loss of confidentiality, integrity, and availability of the devices. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, but the high severity and remote exploitability mean that a motivated attacker could mount a successful breach. The attack vector is remote and does not require any privileged interface; it relies on a firmware design flaw that exposes a default credential.