ABB Cylon Aspect 3.08.01 (jsonProxy.php) Unauthenticated Project Download

The jsonProxy.php endpoint on the ABB BMS/BAS controller is vulnerable to unauthorized project file disclosure. An unauthenticated remote attacker can issue a GET request abusing the DownloadProject servlet to download sensitive project files. The jsonProxy.php script bypasses authentication by proxying requests to localhost (AspectFT Automation Application Server), granting remote attackers unauthorized access to internal Java servlets. This exposes potentially sensitive project data and configuration details without requiring authentication.