PRODUCT SAFETY AT MBS

Safety. Documented.

Security is part of a manufacturer's responsibility.
That is why we publish confirmed vulnerabilities in a transparent and structured manner—including an assessment and the solution provided.

Security is part of a manufacturer's responsibility.
Confirmed vulnerabilities are fixed and documented in a structured manner.

 

Our principle

We take every report seriously.
Confirmed vulnerabilities are fixed.
We then publish the relevant information in a transparent and comprehensible manner.

 

Current security information

Security Advisory – CVE-2026-31431
A security vulnerability has recently been disclosed in various Linux distributions that could, under certain circumstances, allow an attacker to escalate privileges to the root level (CVE-2026-31431).

The MBS Gateway platforms are not affected by this vulnerability. (The affected kernel module, CRYPTO_USER_API_AEAD, is not included in the relevant firmware versions.)

As of May 2026

MBS-2025-0001 – UBR: Multiple vulnerabilities in the web GUI fixed
Product: Universal BACnet Router (UBR)
Affected components: Web GUI / Firmware
Severity: High (max. CVSS 8.8)
Status: Fixed
Fix: Firmware V6.0.1.0 or higher (update recommended)

Several security vulnerabilities in the UBR firmware have been reported and fixed in firmware V6.0.1.0. We recommend that all customers using the affected version update to the latest firmware.

Links:
Firmware Update (V6.0.3.0) →
CVE Overview for MBS-2025-0001 →

Acknowledgments:
We would like to thank the reporting agencies, including Cyber Defense Campus Zurich and Armasuisse, for their support in reporting and coordination.

Disclosure and cooperation

Security-related information is published in accordance with the principle of responsible disclosure—in consultation with the parties involved and with a solution provided.

Report vulnerability
If you have discovered a potential security vulnerability in an MBS product, please use our central reporting office:
Report vulnerability →

Notifications about new security bulletins
Would you like to be notified about new security information?
We would be happy to add you to our mailing list.

Get more information now
×

Sign up for the product safety newsletter

* indicates required
Select your preferred language for emails

We will keep you regularly updated on our products, developments, and events. You can unsubscribe at any time.

We use Mailchimp to send our newsletter. This means that your data is also processed in the United States. By clicking "Subscribe," you agree that we may process your data for the purpose of sending the newsletter and transfer it to Mailchimp. You can revoke this consent at any time, e.g., via the unsubscribe link in every newsletter. For more information, please see our Privacy Policy.

We use Mailchimp as our marketing platform. By clicking below to subscribe, you acknowledge that your information will be transferred to Mailchimp for processing. Learn more about Mailchimp's privacy practices.