The ugw-logstop method in MBS firmware allows a remote attacker who possesses user-level credentials to terminate any running process by providing insufficiently validated input. The flaw stems from improper input validation (CWE-20), enabling the attacker to specify an arbitrary process name or identifier. Successful exploitation can result in the abrupt termination of essential services, disrupting system availability and potentially cascading into further system instability. While this vulnerability does not directly expose data, the denial of critical processes may impair operational integrity and business continuity.

Affected vendors and products include MBS Double‑A Profibus and Double‑A x‑link, MBS Double‑X CAN, DALI, KNX, LON, M‑Bus, PROFINET, x‑link, as well as MBS Single‑A, Single‑X, and the various Triple‑X configurations such as KNX+DALI, KNX+LON, KNX+M‑Bus, PROFINET+DALI, PROFINET+KNX, PROFINET+LON, and PROFINET+M‑Bus. The specific affected firmware versions are not disclosed in the advisory, so all firmware variants should be assessed for the presence of the ugw‑logstop method.

The CVSS score of 7.2 indicates a high‑severity flaw that requires remote attackers to have user‑level access. The EPSS score is not available, so current exploitation probability cannot be quantified, and the vulnerability is not listed in CISA’s KEV catalog. Nevertheless, the presence of a remote API that accepts unvalidated input and terminates processes makes this a realistic target for organizations where users can execute the ugw‑logstop command. Exploitation would require the attacker to invoke the method with malicious parameters, leading to termination of critical processes and service disruption. The lack of a public exploit noted to date means defenders should assume the capability exists and treat the vulnerability as potentially exploitable.