ABB Cylon Aspect 3.08.01 (jsonProxy.php) Servlet Inclusion Authentication Bypass

The ABB BMS/BAS controller is vulnerable to remote, arbitrary servlet inclusion. The jsonProxy.php endpoint allows unauthenticated remote attackers to access internal services by proxying requests to localhost. This results in an authentication bypass, enabling attackers to interact with multiple java servlets without authorization, potentially exposing sensitive system functions and information.