CVE-2026-35075

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1393

Related Identifiers

CVE-2026-35075

Affected Products

Double-A Profibus

Double-A X-Link

Double-X Can

Double-X Dali

Double-X Knx

Double-X Lon

Double-X M-Bus

Double-X Profinet

Double-X X-Link

Single-A

Single-X

Triple-X Knx+Dali

Triple-X Knx+Lon

Triple-X Knx+M-Bus

Triple-X Profinet+Dali

Triple-X Profinet+Knx

Triple-X Profinet+Lon

Triple-X Profinet+M-Bus

CVE-2026-35075

Weakness Enumeration

Related Identifiers

Affected Products

References · 2