ABB Cylon Aspect 3.08.01 (mstpstatus.php) Information Disclosure

The ABB BMS/BAS controller suffers from an unauthenticated information disclosure vulnerability. An unauthorized attacker can reference the affected page and disclose various BACnet MS/TP statistics running on the device.