ABB Cylon Aspect 3.08.02 (editOverride.php) Authentication Bypass MIX Override

ABB Cylon Aspect 3.08.02 (aspectMemory.php) Arbitrary Heap Memory Configuration

ABB Cylon Aspect 3.07.00 (obtainPorts.php) Configuration Manipulation

ABB Cylon Aspect 3.07.00 (obtainPorts.php) Remote Code Execution

ABB Cylon Aspect 3.08.01 (portQueueAjax.php) Information Disclosure

The ABB BMS/BAS controller suffers from an unauthenticated configuration download vulnerability. This can be exploited to download the CSV DB that contains the configuration mappings information via the VMobileImportExportServlet by directly calling the vstatConfigurationDownload.php script.

Headline

ABB Cylon Aspect 3.08.01 (vstatConfigurationDownload.php) Config Download

Zero Science Lab: Latest News