Headline
ABB Cylon Aspect 3.08.01 (portQueueAjax.php) Information Disclosure
The portQueueAjax.php endpoint on ABB Cylon Aspect BMS/BAS controller is accessible without authentication, potentially exposing sensitive port statistics and network activity metrics. An attacker could leverage this information to map the network, identify critical systems, and plan further attacks.