ABB Cylon Aspect 3.08.01 (jsonProxy.php) Unauthenticated Remote SSH Service Control

The jsonProxy.php endpoint on the ABB BMS/BAS controller is vulnerable to unauthorized SSH service configuration changes. An unauthenticated attacker can enable or disable the SSH service on the server by accessing the FTControlServlet with the sshenable parameter. The jsonProxy.php script proxies requests to localhost without enforcing authentication, allowing attackers to modify SSH settings and potentially gain further unauthorized access to the system.

Zero Science Lab
#js #php #auth #ssh
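For detection, the request pattern described above can be searched for in the controller's or an upstream proxy's web access logs. The following is an added example, not code from the advisory or from ABB; it assumes Combined Log Format, and the query-string layout in the sample lines is constructed with `PLACEHOLDER` standing in for details the advisory summary does not give.

```python
import re
from urllib.parse import urlsplit, unquote

# Combined Log Format (assumed): ip ... "METHOD target PROTO" status ...
REQ = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def _decode(text, rounds=2):
    """Undo up to two layers of percent-encoding, then lowercase."""
    for _ in range(rounds):
        text = unquote(text)
    return text.lower()

def flag_ssh_toggle(lines):
    """Return (client_ip, status, target) for requests that reach
    FTControlServlet with sshenable through jsonProxy.php."""
    hits = []
    for line in lines:
        m = REQ.match(line)
        if not m:
            continue  # not a parseable access-log line
        parts = urlsplit(m["target"])
        if not _decode(parts.path).endswith("/jsonproxy.php"):
            continue
        query = _decode(parts.query)
        if "ftcontrolservlet" in query and "sshenable" in query:
            hits.append((m["ip"], int(m["status"]), m["target"]))
    return hits

# Constructed sample lines; PLACEHOLDER marks values not given on this page.
_TS = "[01/Jan/2025:10:00:00 +0000]"
SAMPLE = [
    f'198.51.100.7 - - {_TS} "GET /jsonProxy.php?PLACEHOLDER=FTControlServlet&sshenable=PLACEHOLDER HTTP/1.1" 200 12 "-" "-"',
    f'198.51.100.7 - - {_TS} "GET /jsonProxy.php?PLACEHOLDER=FTControlServlet%26sshenable%3DPLACEHOLDER HTTP/1.1" 200 12 "-" "-"',
    f'192.0.2.10 - - {_TS} "GET /jsonProxy.php?PLACEHOLDER=OtherServlet HTTP/1.1" 200 40 "-" "-"',
    f'192.0.2.10 - - {_TS} "GET /index.php?q=sshenable HTTP/1.1" 200 40 "-" "-"',
]

if __name__ == "__main__":
    for ip, status, target in flag_ssh_toggle(SAMPLE):
        print(f"{ip} status={status} {target}")
```

Access logs record only the request line, so parameters sent in a request body are not visible to this check; pair it with monitoring for unexpected changes in the SSH service state on the controller.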

Zero Science Lab: Latest News

ABB Cylon Aspect 3.08.02 (WatchDogServlet) Authenticated Reflected XSS