Security
Headlines
HeadlinesLatestCVEs

Headline

ABB Cylon Aspect 3.07.02 (sshUpdate.php) Unauthenticated Remote SSH Service Control

The BMS/BAS controller suffers from a vulnerability that allows an unauthenticated attacker to enable or disable the SSH daemon by sending a POST request to sshUpdate.php with a simple JSON payload. This can be exploited to start the SSH service on the remote host without proper authentication, potentially enabling unauthorized access or stop and deny service access.

Zero Science Lab
#vulnerability#js#php#auth#ssh

Zero Science Lab: Latest News

ABB Cylon Aspect 3.08.01 (badassMode) File Upload MD5 Checksum Bypass