Impact
The bug in the bac-scanresult method permits an attacker who can already gain user-level access on the device to delete any file on the local filesystem. This occurs because the input supplied to the method is not checked for path traversal sequences or otherwise sanitized. The result is the loss or corruption of configuration, data, or firmware files, potentially disabling the device or preventing recovery. The weakness is a classic Path Traversal defect (CWE-73).
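The missing validation described above comes down to resolving the caller-supplied name and confirming the result still lies inside the one directory the method is meant to manage. The following is an added example, not MBS firmware code and not taken from the advisory; the `scans` directory, the file names and the function names are hypothetical, and the inputs are constructed.

```python
import os
import tempfile
from pathlib import Path

class UnsafePathError(ValueError):
    """Raised when a requested name would resolve outside the allowed directory."""

def resolve_inside(base_dir: Path, user_name: str) -> Path:
    """Return the real path for user_name, or raise if it leaves base_dir."""
    if not user_name or "\x00" in user_name:
        raise UnsafePathError("empty name or NUL byte")
    base = base_dir.resolve(strict=True)
    # resolve() collapses ".." and follows symlinks, so the containment check
    # is made on the path the OS would actually act on, not on the raw string.
    candidate = (base / user_name).resolve(strict=False)
    if candidate == base or base not in candidate.parents:
        raise UnsafePathError(f"{user_name!r} resolves outside {base}")
    return candidate

def delete_scan_result(base_dir: Path, user_name: str) -> bool:
    """Delete one regular file under base_dir; True if a file was removed."""
    target = resolve_inside(base_dir, user_name)
    if not target.is_file():
        return False
    target.unlink()
    return True

def demo() -> dict:
    """Run constructed inputs against a throwaway directory tree."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        scans = root / "scans"            # hypothetical result directory
        scans.mkdir()
        (scans / "result-1.json").write_text("{}")
        config = root / "device.conf"     # stands in for a file that must survive
        config.write_text("keep")
        os.symlink(config, scans / "link")  # symlink pointing out of scans/
        cases = {"plain": "result-1.json", "dotdot": "../device.conf",
                 "absolute": str(config), "symlink": "link",
                 "nested": "a/../../device.conf"}
        results = {}
        for label, name in cases.items():
            try:
                results[label] = delete_scan_result(scans, name)
            except UnsafePathError:
                results[label] = "rejected"
        results["config_intact"] = config.read_text() == "keep"
        return results

if __name__ == "__main__": print(demo())
```

The check and the `unlink()` are separate steps, so where other users can create symlinks inside the managed directory the window between them still needs closing, for example with directory-relative system calls.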
Affected Systems
Firmware for a wide range of MBS industrial automation devices is affected. The affected products include MBS Double-A Profibus, Double-A x-link, Double-X CAN, Double-X DALI, Double-X KNX, Double-X LON, Double-X M-Bus, Double-X PROFINET, Double-X x-link, Single-A, Single-X, and various Triple-X bundles that combine KNX, DALI, LON, and M-Bus protocols. The advisory does not list specific firmware revisions, so any version that still uses the vulnerable bac-scanresult routine is at risk until patched.
Risk and Exploitability
The calculated CVSS score of 7.2 indicates a moderately high impact with user privilege as a prerequisite. No EPSS value was supplied, so the real-world likelihood of exploitation cannot be quantified, and the vulnerability is not currently listed in CISA’s KEV catalog. Based on the description, the attacker must first obtain normal user credentials on the device, then invoke the vulnerable method (likely through a remote command or API call) to delete target files. The ability to destroy arbitrary local files can lead to a denial of service or a compromised configuration, and could serve as a foothold for further attacks once the device’s integrity is corrupted.