Impact
The ugw-restoreinfo method in MBS firmware lets a remote attacker who holds, or can obtain, user privileges delete arbitrary local files, because the file name taken from user input is not validated against the intended file-system boundary. The weakness is classified as CWE‑73 (External Control of File Name or Path). An attacker can remove critical configuration files or other system data, causing loss of service, and further damage if files the device needs in order to boot or operate are deleted.
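The following Python sketch is an added illustration of the CWE‑73 pattern the advisory describes; it is not code from MBS firmware, from the advisory, or from the real ugw-restoreinfo implementation, which is not public here. It places a delete handler that joins a caller-supplied name onto a directory without any check beside a hardened handler that canonicalises the result and refuses anything outside the directory. The directory names, function names and the scenario in `demo()` are assumptions made for the example.

```python
import os
import tempfile


def delete_restoreinfo_vulnerable(backup_dir, name):
    """Delete a stored restore image by name with no boundary check (hypothetical).

    os.path.join() keeps '..' segments and discards backup_dir entirely when
    name is absolute, so the caller-supplied name controls what gets unlinked.
    """
    target = os.path.join(backup_dir, name)
    os.unlink(target)
    return target


def safe_backup_path(backup_dir, name):
    """Resolve name inside backup_dir, or raise ValueError.

    Both sides are canonicalised with realpath() so '..', repeated separators
    and symlinks are resolved before the comparison. The trailing separator
    matters: without it '/data/backups2/x' would pass a check against
    '/data/backups'. The directory itself is also refused.
    """
    base = os.path.realpath(backup_dir)
    candidate = os.path.realpath(os.path.join(base, name))
    if candidate == base or not candidate.startswith(base + os.sep):
        raise ValueError("path escapes backup directory: %r" % name)
    return candidate


def delete_restoreinfo_hardened(backup_dir, name):
    """Same operation, but only paths that stay under backup_dir are unlinked."""
    target = safe_backup_path(backup_dir, name)
    os.unlink(target)
    return target


def is_rejected(backup_dir, name):
    """True when the hardened check refuses name; needs no filesystem access."""
    try:
        safe_backup_path(backup_dir, name)
    except ValueError:
        return True
    return False


def demo():
    """Constructed scenario in a throwaway directory; returns what happened."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        backups = os.path.join(root, "backups")
        os.mkdir(backups)
        # A file outside the backup directory standing in for a critical config.
        config = os.path.join(root, "system.conf")

        def touch(path):
            with open(path, "w") as fh:
                fh.write("x")

        touch(config)
        # 1. Traversal through the unchecked handler removes the outside file.
        delete_restoreinfo_vulnerable(backups, os.path.join("..", "system.conf"))
        results["vulnerable_deleted_outside_file"] = not os.path.exists(config)

        # 2. The same input against the hardened handler is refused.
        touch(config)
        try:
            delete_restoreinfo_hardened(backups, os.path.join("..", "system.conf"))
            results["hardened_blocked_traversal"] = False
        except ValueError:
            results["hardened_blocked_traversal"] = True
        results["config_survives"] = os.path.exists(config)

        # 3. A symlink planted inside the directory but pointing outside is
        #    also refused, because realpath() follows it before the check.
        link = os.path.join(backups, "innocent.bin")
        os.symlink(config, link)
        results["hardened_blocked_symlink"] = is_rejected(backups, "innocent.bin")
        results["config_survives_symlink"] = os.path.exists(config)

        # 4. A legitimate name under the directory is still deletable.
        image = os.path.join(backups, "restore-1.bin")
        touch(image)
        delete_restoreinfo_hardened(backups, "restore-1.bin")
        results["legitimate_delete_works"] = not os.path.exists(image)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The check compares canonical paths rather than rejecting the literal string `..`, which is why the symlink case and the absolute-path case are caught by the same two lines; a deny-list on input characters would miss both.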
Affected Systems
The advisory lists all firmware versions of the MBS products in the following categories as affected: Double‑A Profibus, Double‑A x‑link, Double‑X CAN, Double‑X DALI, Double‑X KNX, Double‑X LON, Double‑X M‑Bus, Double‑X PROFINET, Double‑X x‑link, Single‑A, Single‑X, Triple‑X KNX+DALI, Triple‑X KNX+LON, Triple‑X KNX+M‑Bus, Triple‑X PROFINET+DALI, Triple‑X PROFINET+KNX, Triple‑X PROFINET+LON, and Triple‑X PROFINET+M‑Bus. No version ranges or fixed versions are given, so every deployment of these products should be treated as vulnerable and checked for exposure of the ugw-restoreinfo method.
Risk and Exploitability
The CVSS score of 7.2 places this vulnerability in the High severity band. Arbitrary file deletion is primarily an integrity impact, and it becomes an availability impact wherever a deleted file is needed for the device to operate. No EPSS data is available, so the probability of exploitation cannot be quantified, but the vulnerability is referenced in a VDE advisory and is therefore publicly documented. It is not currently listed in the CISA KEV catalog. The attack vector is network: an attacker who can reach the ugw-restoreinfo method over the network and holds user-level privileges on the device can supply a file name that escapes the intended directory and delete arbitrary files.
OpenCVE Enrichment