HarborGuardharborguardDatabase
Back to search
HIGHCVE-2026-35081Published Modified CNA CERTVDE

CVE-2026-35081: Arbitrary process termination vulnerability in method ugw-logstop

The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input.

Metrics

CVSS v4.0
7.2
Severity
HIGH
Fixed in
V6_0_0_7
Affected Products
18

Get notified

Email me when this CVE is updated: new fix versions, severity changes, or any record change.

HarborGuard Analysis

Synopsis

An arbitrary process termination vulnerability exists in the ugw-logstop method across multiple MBS device firmware variants. A remote attacker with low-privilege user credentials can reach this method over the network and supply unsanitized input to kill arbitrary processes on the device. Successful exploitation allows the attacker to disrupt or destroy running services and tamper with the integrity of persisted or in-flight data. A patched-image rebuild at V6_0_0_7 is available on HarborGuard for affected environments.

HarborGuard Coverage

Detection

Detection capability for CVE-2026-35081 is available across every HarborGuard environment; the CVE is ingested from upstream feeds (including CERTVDE advisories) within minutes of publication and matched against all customer images in connected registries and CI pipelines, including custom-built images derived from affected MBS firmware bases.

Available
Triage

HarborGuard scores this CVE at 7.2 HIGH using the CVSS v4.0 vector and can weight that score against each customer environment's compliance policy to determine urgency and route findings to the appropriate team inbox within the customer org.

Available
Patch

A patched-image rebuild at V6_0_0_7 becomes available on HarborGuard for any environment running an affected firmware version below V6_0_0_7. For customers who opt into auto-remediation, HarborGuard can execute a rebuild, run a regression test suite against the new image, and open a pull request against affected workloads.

Available

Exploit Conditions

  • Network reachabilityRequired

    The attacker must reach the ugw-logstop method over the network (AV:N); the device must be network-accessible to be targeted.

  • AuthenticationRequired

    A low-privilege user account is sufficient; no administrative credentials are needed (PR:L).

  • Victim interactionNot required

    No user interaction is needed; the attacker can exploit this entirely without involving any other party (UI:N).

  • Attack complexityDetail

    Exploit conditions are reliable and require no special environmental setup or race conditions (AC:L, AT:N).

Blast Radius

  • The attacker can terminate arbitrary processes on the device, immediately halting any service or daemon running on the host.
  • Killing critical processes corrupts or discards in-flight data and can leave persistent state in an inconsistent or unrecoverable condition (VI:H).
  • Service availability is destroyed for any process the attacker targets, including protocol bridges and logging daemons, causing operational outages (VA:H).
  • Scope is contained to the affected device itself; no lateral impact to adjacent systems is indicated by the CVSS vector (SC:N, SI:N, SA:N).

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-35081 activates as soon as the advisory is ingested, matching all images built on affected MBS firmware variants (Single-A, Double-A Profibus, Double-A x-link, Single-X, Double-X CAN, Double-X DALI, Double-X KNX, Double-X LON) across versions V1_0_0_0 through pre-V6_0_0_7. A rebuild at the fixed version V6_0_0_7 is available for affected images. For customers who opt into auto-remediation, HarborGuard can rebuild the image, execute regression tests, and open a pull request against affected workloads; median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes for environments with auto-remediation enabled. Where compliance policy requires manual approval, the finding is routed to the designated team inbox with full CVSS context for prioritization.

See how HarborGuard automates this

Fix available

V6_0_0_7
Affected packages
  • MBS / Single-A
    < V6_0_0_7 (from V1_0_0_0)
  • MBS / Double-A Profibus
    < V6_0_0_7 (from V1_0_0_0)
  • MBS / Double-A x-link
    < V6_0_0_7 (from V1_0_0_0)
  • MBS / Single-X
    < V6_0_0_7 (from V1_0_0_0)
  • MBS / Double-X CAN
    < V6_0_0_7 (from V1_0_0_0)
  • MBS / Double-X DALI
    < V6_0_0_7 (from V1_0_0_0)
  • MBS / Double-X KNX
    < V6_0_0_7 (from V1_0_0_0)
  • MBS / Double-X LON
    < V6_0_0_7 (from V1_0_0_0)
  • MBS / Double-X M-Bus
    < V6_0_0_7 (from V1_0_0_0)
  • MBS / Double-X PROFINET
    < V6_0_0_7 (from V1_0_0_0)
  • MBS / Double-X x-link
    < V6_0_0_7 (from V1_0_0_0)
  • MBS / Triple-X KNX+DALI
    < V6_0_0_7 (from V1_0_0_0)
  • MBS / Triple-X KNX+LON
    < V6_0_0_7 (from V1_0_0_0)
  • MBS / Triple-X KNX+M-Bus
    < V6_0_0_7 (from V1_0_0_0)
  • MBS / Triple-X PROFINET+DALI
    < V6_0_0_7 (from V1_0_0_0)
  • MBS / Triple-X PROFINET+KNX
    < V6_0_0_7 (from V1_0_0_0)
  • MBS / Triple-X PROFINET+LON
    < V6_0_0_7 (from V1_0_0_0)
  • MBS / Triple-X PROFINET+M-Bus
    < V6_0_0_7 (from V1_0_0_0)
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
References