Impact
The ugw-logstop routine lets an attacker with user privileges request the deletion of an arbitrary local file on the device. The root cause is insufficient validation of the filename supplied by the caller, classified as CWE-73 (External Control of File Name or Path): the routine acts on the path it is given instead of restricting it to the log files it is meant to manage. An attacker who can reach the method can therefore remove configuration, firmware, or log files, causing loss of service or rendering the device inoperable.
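To make the CWE-73 pattern concrete, the following Python is an added illustration and is not the device's code (the real ugw-logstop implementation is not published on this page). It assumes a constructed directory layout with a log directory next to a configuration file, and contrasts a handler that unlinks whatever name the caller supplies with one that only accepts a bare file name that resolves to a regular file inside the log directory.

```python
import os
import tempfile

# Constructed layout for the example only: <root>/log/ugw.log and <root>/config.db.
LOG_DIR_NAME = "log"


def stop_log_vulnerable(log_dir: str, filename: str) -> str:
    """CWE-73 pattern: the caller-controlled name is joined and unlinked unchecked.
    '../config.db' escapes log_dir, and an absolute filename replaces log_dir entirely
    because os.path.join discards the left side when the right side is absolute."""
    target = os.path.join(log_dir, filename)
    os.unlink(target)
    return target


def stop_log_hardened(log_dir: str, filename: str) -> str:
    """Only a bare name that resolves to a regular file inside log_dir may be removed."""
    # Reject empty names, any path separator, and the two dot entries.
    if not filename or filename != os.path.basename(filename) or filename in (".", ".."):
        raise ValueError("filename must be a bare log file name")
    base = os.path.realpath(log_dir)
    unresolved = os.path.join(base, filename)
    target = os.path.realpath(unresolved)
    # A symlink placed in the log directory could still point elsewhere: check the
    # resolved parent and refuse symlinks outright (defence in depth).
    if os.path.dirname(target) != base:
        raise ValueError("target resolves outside the log directory")
    if os.path.islink(unresolved) or not os.path.isfile(target):
        raise ValueError("refusing symlink or non-regular file")
    os.unlink(target)
    return target


def build_device_fs() -> str:
    """Create the constructed layout in a fresh temporary directory."""
    root = tempfile.mkdtemp(prefix="ugw-")
    os.mkdir(os.path.join(root, LOG_DIR_NAME))
    open(os.path.join(root, LOG_DIR_NAME, "ugw.log"), "w").close()
    open(os.path.join(root, "config.db"), "w").close()
    return root


def _rejected(action) -> bool:
    try:
        action()
    except ValueError:
        return True
    return False


def run_demo() -> dict:
    results = {}

    # Vulnerable handler: a traversal name deletes the config file outside the log dir.
    root = build_device_fs()
    log_dir = os.path.join(root, LOG_DIR_NAME)
    stop_log_vulnerable(log_dir, "../config.db")
    results["vulnerable_deleted_config"] = not os.path.exists(os.path.join(root, "config.db"))

    # Hardened handler: traversal, absolute paths and symlinks are rejected; a plain name works.
    root = build_device_fs()
    log_dir = os.path.join(root, LOG_DIR_NAME)
    os.symlink(os.path.join(root, "config.db"), os.path.join(log_dir, "evil.log"))
    results["hardened_rejected_traversal"] = _rejected(
        lambda: stop_log_hardened(log_dir, "../config.db"))
    results["hardened_rejected_absolute"] = _rejected(
        lambda: stop_log_hardened(log_dir, os.path.join(root, "config.db")))
    results["hardened_rejected_symlink"] = _rejected(
        lambda: stop_log_hardened(log_dir, "evil.log"))
    stop_log_hardened(log_dir, "ugw.log")
    results["hardened_deleted_log"] = not os.path.exists(os.path.join(log_dir, "ugw.log"))
    results["config_intact_after_hardened"] = os.path.exists(os.path.join(root, "config.db"))
    return results


if __name__ == "__main__":
    print(run_demo())
```

The hardened variant deliberately avoids trying to sanitise the input (stripping `..` or leading slashes is easy to bypass); it instead describes the one shape of input the routine legitimately needs, a bare file name, and rejects everything else before touching the filesystem.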
Affected Systems
This flaw affects a broad range of MBS products, including Double‑A Profibus, Double‑A x‑link, Double‑X CAN, Double‑X DALI, Double‑X KNX, Double‑X LON, Double‑X M‑Bus, Double‑X PROFINET, Double‑X x‑link, Single‑A, Single‑X, and various Triple‑X combinations such as KNX+LON, KNX+M‑Bus, PROFINET+DALI, PROFINET+KNX, PROFINET+LON, and PROFINET+M‑Bus. No affected version range was provided, so all firmware versions of these devices should be treated as susceptible until the vendor states otherwise.
Risk and Exploitability
The CVSS score of 7.2 places this issue in the high severity band: an attacker who can trigger the flaw can do significant damage to the device. No EPSS score is available. The method requires user privileges, so an attacker must first obtain authenticated access or chain another weakness to reach it. The vulnerability is not listed in the CISA KEV catalog, which lowers the likelihood of known active exploitation but does not eliminate the risk, particularly in industrial environments where these gateways often run with default credentials or have management interfaces exposed to the network.
OpenCVE Enrichment