ABB Cylon Aspect 3.08.01 (badassMode) File Upload MD5 Checksum Bypass

ABB Cylon Aspect 3.08.01 (jsonProxy.php) Unauthenticated Project Download

ABB Cylon Aspect 3.08.01 (jsonProxy.php) Servlet Inclusion Authentication Bypass

ABB Cylon Aspect 3.08.01 (jsonProxy.php) Unauthenticated Credentials Disclosure

ABB Cylon Aspect 3.08.01 (jsonProxy.php) Unauthenticated Reflected XSS

The ABB BMS/BAS controller suffers from an unauthenticated configuration download vulnerability. This can be exploited to download the SQLite DB that contains the configuration mappings information via the FTControlServlet by directly calling the mapConfigurationDownload.php script.

Headline

ABB Cylon Aspect 3.08.01 (mapConfigurationDownload.php) Config Download

Zero Science Lab: Latest News