Headline
ABB Cylon Aspect 3.08.01 (pupDumpStats.php) Information Disclosure
The ABB Cylon ASPECT system contains an unauthenticated information disclosure vulnerability in the pupDumpStats.php script. When this endpoint is accessed, it triggers the download of a sensitive debug file located at /usr/local/aam/var/pupdbg.dump. This file may contain internal system information, including protocol states, transaction logs, and system mappings. The vulnerability arises from an Insecure Direct Object Reference (IDOR) issue, where the script does not validate or authenticate the requester before allowing access to the debug file. Exploiting this flaw enables an attacker to retrieve sensitive operational data, potentially aiding in further exploitation of the system.