CVE-2026-35075 -- CVSS 9.8 Vulnerability Briefing

CVE-2026-35075 | CVSS 9.8 (Critical) | Exploit: No known exploit

What Is It

CVE-2026-35075 is a hard-coded credential vulnerability affecting Mbs-Solutions Universal Gateway Firmware, Double-A Profibus, and Double-A X-Link devices, allowing unauthenticated remote attackers to extract a default password directly from the firmware image and gain full device access.

Technical Detail

The affected firmware contains a hard-coded default password that is recoverable through static analysis of the firmware image, requiring no special tooling or privileged access to extract. An unauthenticated remote attacker who obtains the firmware -- whether through public availability, physical access, or prior compromise -- can recover this credential and authenticate to any affected device running the default configuration. Successful exploitation grants full administrative access, enabling complete device takeover, configuration modification, lateral movement within industrial or gateway network segments, and potential disruption of connected Profibus or X-Link communications.

Exploitation Status

No known exploit code has been publicly documented at this time, and this CVE is not currently listed in the CISA Known Exploited Vulnerabilities catalog. However, the nature of this vulnerability -- a recoverable static credential embedded in firmware -- requires minimal technical sophistication to exploit once the firmware image is obtained, which substantially lowers the practical barrier to abuse even in the absence of a published exploit.

Who Is Targeting This

No specific threat actor attribution at this time. No confirmed or reported threat actor associations have been identified in connection with this vulnerability.

What To Do

Contact Mbs-Solutions immediately to obtain patched firmware versions for Universal Gateway, Double-A Profibus, and Double-A X-Link products, and apply updates as soon as they are available. As an interim measure, restrict network access to affected devices using firewall rules or network segmentation to limit exposure to trusted hosts only. Where possible, change default credentials on affected devices if the firmware supports credential modification, and audit device configurations to confirm no unauthorized access has occurred. Monitor authentication logs on affected devices and adjacent network infrastructure for unexpected login attempts or configuration changes. Given the critical CVSS score of 9.8 and the low exploitation complexity inherent to hard-coded credential flaws, this should be treated as a high-priority remediation item regardless of current KEV status.
