Headline
ABB Cylon Aspect 3.08.01 (mapConfigurationDownload.php) Config Download
The ABB BMS/BAS controller suffers from an unauthenticated configuration download vulnerability. This can be exploited to download the SQLite DB that contains the configuration mappings information via the FTControlServlet by directly calling the mapConfigurationDownload.php script.