PRODUCT SAFETY AT MBS

Safety. Documented.

Security is part of a manufacturer's responsibility.
That is why we publish confirmed vulnerabilities in a transparent and structured manner—including an assessment and the solution provided.

Security is part of a manufacturer's responsibility.
Confirmed vulnerabilities are fixed and documented in a structured manner.

Our principle

We take every report seriously.
Confirmed vulnerabilities are fixed.
We then publish the relevant information in a transparent and comprehensible manner.

Current security information

MBS-2025-0001 – UBR: Multiple vulnerabilities in the web GUI fixed
Product: Universal BACnet Router (UBR)
Affected components: Web GUI / Firmware
Severity: High (max. CVSS 8.8)
Status: Fixed
Fix: Firmware V6.0.1.0 or higher (update recommended)

Several security vulnerabilities in the UBR firmware have been reported and fixed in firmware V6.0.1.0. We recommend that all customers using the affected version update to the latest firmware.

Links:
Firmware update (V6.0.1.0) →
CVE overview for MBS-2025-0001 →

Acknowledgments:
We would like to thank the reporting agencies, including Cyber Defense Campus Zurich and Armasuisse, for their support in reporting and coordination.

Disclosure and cooperation
We work together with recognized bodies such as CERT@VDE to coordinate security reports.

Security-related information is published in accordance with the principle of responsible disclosure—in consultation with the parties involved and with a solution provided.

Report vulnerability
If you have discovered a potential security vulnerability in an MBS product, please use our central reporting office:
Report vulnerability →

Notification of new security alerts
Would you like to be informed about new security information?
We would be happy to add you to our mailing list.
Get informed now →

Be part of our community and stay informed.
Follow us now.

As a manufacturer, we offer you comprehensive expertise and a wide range of products that meet all your requirements - Made in Germany.

Quality management according to ISO 9001
The quality management (QM) of Krefeld-based MBS GmbH has been successfully certified.

MBS GmbH maintains its own test laboratory with ten experienced employees, which has been accredited by the DAkkS since 2012. Now also a DALI test house.

MBS is a patron member of the Chartered Institution of Building Services Engineers (CIBSE), thereby supporting the promotion of best practice and young talent in building automation.

MBS GmbH | Römerstr. 15 | 47809 Krefeld | T +49 2151 7294-0 | info@mbs-solutions.de

Terms and Conditions| Privacy Policy | GDPR: Article 13 Information | Information on the Electrical and Electronic Equipment Act | Legal Notice

Information on vulnerabilities

PRODUCT SAFETY AT MBS

Our principle

Current security information