Description
A remote attacker with user privileges can exploit a stack buffer overflow to gain full system access as root.
Published: 2026-06-03
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A stack based buffer overflow exists in the bac-deviceobject method. The flaw can be triggered by an attacker who has user‑level access to the device, enabling the overflow of the stack and execution of arbitrary code. Successful exploitation grants the attacker full root‑level control over the affected system.

Affected Systems

All MBS devices listed as affected by the CNA advisories, including Double‑A Profibus, Double‑A x‑link, Double‑X CAN, Double‑X DALI, Double‑X KNX, Double‑X LON, Double‑X M‑Bus, Double‑X PROFINET, Double‑X x‑link, Single‑A, Single‑X, and the various Triple‑X combinations of KNX, DALI, LON, and PROFINET. No specific firmware version details are provided, so any firmware running the vulnerable method is potentially at risk until a patch is applied.

Risk and Exploitability

The CVSS score of 8.7 marks this vulnerability as high impact. EPSS data is not available and the vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is remote; an attacker with user privileges can deliver malicious input over the network to invoke the buffer overflow. Because the flaw allows code execution, the risk of exploitation is significant and should be treated with priority.

Generated by OpenCVE AI on June 3, 2026 at 13:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑supplied firmware update that resolves the buffer overflow in bac‑deviceobject.
  • If an update is not immediately available, restrict or disable access to the method and limit user privileges on the affected device.
  • Implement network monitoring for anomalous traffic or command patterns that may indicate an attempted overflow attempt.

Generated by OpenCVE AI on June 3, 2026 at 13:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 03 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 03 Jun 2026 12:30:00 +0000

Type Values Removed Values Added
Description A remote attacker with user privileges can exploit a stack buffer overflow to gain full system access as root.
Title Stack buffer overflow in method bac-deviceobject
First Time appeared Mbs
Mbs double A Profibus Firmware
Mbs double A X Link Firmware
Mbs double X Can Firmware
Mbs double X Dali Firmware
Mbs double X Knx Firmware
Mbs double X Lon Firmware
Mbs double X M Bus Firmware
Mbs double X Profinet Firmware
Mbs double X X Link Firmware
Mbs single A Firmware
Mbs single X Firmware
Mbs triple X Knx Dali Firmware
Mbs triple X Knx Lon Firmware
Mbs triple X Knx M Bus Firmware
Mbs triple X Profinet Dali Firmware
Mbs triple X Profinet Knx Firmware
Mbs triple X Profinet Lon Firmware
Mbs triple X Profinet M Bus Firmware
Weaknesses CWE-121
CPEs cpe:2.3:o:mbs:double_a_profibus_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mbs:double_a_x_link_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mbs:double_x_can_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mbs:double_x_dali_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mbs:double_x_knx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mbs:double_x_lon_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mbs:double_x_m_bus_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mbs:double_x_profinet_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mbs:double_x_x_link_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mbs:single_a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mbs:single_x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mbs:triple_x_knx_dali_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mbs:triple_x_knx_lon_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mbs:triple_x_knx_m_bus_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mbs:triple_x_profinet_dali_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mbs:triple_x_profinet_knx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mbs:triple_x_profinet_lon_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mbs:triple_x_profinet_m_bus_firmware:*:*:*:*:*:*:*:*
Vendors & Products Mbs
Mbs double A Profibus Firmware
Mbs double A X Link Firmware
Mbs double X Can Firmware
Mbs double X Dali Firmware
Mbs double X Knx Firmware
Mbs double X Lon Firmware
Mbs double X M Bus Firmware
Mbs double X Profinet Firmware
Mbs double X X Link Firmware
Mbs single A Firmware
Mbs single X Firmware
Mbs triple X Knx Dali Firmware
Mbs triple X Knx Lon Firmware
Mbs triple X Knx M Bus Firmware
Mbs triple X Profinet Dali Firmware
Mbs triple X Profinet Knx Firmware
Mbs triple X Profinet Lon Firmware
Mbs triple X Profinet M Bus Firmware
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Mbs Double A Profibus Firmware Double A X Link Firmware Double X Can Firmware Double X Dali Firmware Double X Knx Firmware Double X Lon Firmware Double X M Bus Firmware Double X Profinet Firmware Double X X Link Firmware Single A Firmware Single X Firmware Triple X Knx Dali Firmware Triple X Knx Lon Firmware Triple X Knx M Bus Firmware Triple X Profinet Dali Firmware Triple X Profinet Knx Firmware Triple X Profinet Lon Firmware Triple X Profinet M Bus Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published:

Updated: 2026-06-03T14:07:23.610Z

Reserved: 2026-04-01T08:28:27.142Z

Link: CVE-2026-35083

cve-icon Vulnrichment

Updated: 2026-06-03T13:13:36.460Z

cve-icon NVD

Status : Received

Published: 2026-06-03T13:16:20.983

Modified: 2026-06-03T13:16:20.983

Link: CVE-2026-35083

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-03T13:30:26Z

Weaknesses