ABB Cylon Aspect 3.08.01 (combinedStats.php) Information Disclosure

The ABB BMS/BAS controller suffers from an unauthenticated information disclosure vulnerability. An unauthorized attacker can access the affected page and retrieve sensitive system details, including active threads, mapping of reference paths, port pool configurations, internal IP addresses, serial port queue information, and performance metrics such as transaction times.