ABB Cylon Aspect 3.08.02 (editOverride.php) Authentication Bypass MIX Override

ABB Cylon Aspect 3.08.02 (aspectMemory.php) Arbitrary Heap Memory Configuration

ABB Cylon Aspect 3.07.00 (obtainPorts.php) Remote Code Execution

ABB Cylon Aspect 3.07.00 (obtainPorts.php) Configuration Manipulation

ABB Cylon Aspect 3.08.01 (portQueueAjax.php) Information Disclosure

The ABB BMS/BAS controller suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the 'file' HTTP GET parameter called by the fileSystemUpdateExecute.php script.

Headline

ABB Cylon Aspect 3.08.02 (fileSystemUpdateExecute.php) Remote Code Execution

Zero Science Lab: Latest News