CVE-2026-35075

Hardcoded default Password for Service Account

CVSS 9.3 CRITICALEPSS 0.5%CWE-1393

In short

A default password is embedded in the firmware of affected devices, allowing anyone who downloads the firmware to discover it and gain full control of the system without needing to log in first.

Technical detail

An attacker can extract the hardcoded service account credentials from publicly available or accessible firmware images, enabling unauthenticated remote access with full privileges. Pre-condition: ability to obtain the firmware; impact: complete device compromise and lateral movement within the network.

Summary generated and translated by AI from the official description.

An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

MBS · Double-A Profibus MBS · Double-A x-link MBS · Double-X CAN MBS · Double-X DALI MBS · Double-X KNX MBS · Double-X LON MBS · Double-X M-Bus MBS · Double-X PROFINET MBS · Double-X x-link MBS · Single-A MBS · Single-X MBS · Triple-X KNX+DALI MBS · Triple-X KNX+LON MBS · Triple-X KNX+M-Bus MBS · Triple-X PROFINET+DALI MBS · Triple-X PROFINET+KNX MBS · Triple-X PROFINET+LON MBS · Triple-X PROFINET+M-Bus

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.certvde.com/en/advisories/VDE-2026-039/