Security
Headlines
HeadlinesLatestCVEs

Headline

ABB Cylon Aspect 3.08.01 (jsonProxy.php) Servlet Inclusion Authentication Bypass

The ABB BMS/BAS controller is vulnerable to remote, arbitrary servlet inclusion. The jsonProxy.php endpoint allows unauthenticated remote attackers to access internal services by proxying requests to localhost. This results in an authentication bypass, enabling attackers to interact with multiple java servlets without authorization, potentially exposing sensitive system functions and information.

Zero Science Lab
#js#java#php#auth

Zero Science Lab: Latest News

ABB Cylon Aspect 3.08.02 (WatchDogServlet) Authenticated Reflected XSS