
Explore Vulnerabilities

Explore all Exploits:

ABB Cylon Aspect 3.08.02 Stored Cross-Site Scripting Vulnerability

The ABB Cylon Aspect BMS/BAS controller in versions <=3.08.02 is vulnerable to an authenticated stored cross-site scripting (XSS) flaw. An attacker can upload a malicious .txt file containing an XSS payload; once stored on the server, the file can be served back to users. By injecting client-side scripts, attackers can execute arbitrary code in the context of any user accessing the infected file or the related web page (license.php). Bypassing the file upload checks requires including the Variant string in the request.

ABB Cylon Aspect 3.08.02 – Cookie User Password Disclosure

The ABB Cylon Aspect version 3.08.02 application stores sensitive information in clear text within a cookie. This includes the global parameter, where base64-encoded credentials are stored. By exploiting this vulnerability, a remote attacker can intercept the HTTP cookie through a man-in-the-middle attack and gain access to authentication credentials, potentially leading to unauthorized access to user accounts and sensitive data.

ABB Cylon Aspect 3.08.03 Hard-coded Secrets

The ABB Cylon Aspect BMS/BAS controller has hard-coded credentials such as usernames, passwords, and encryption keys in various Java classes. This vulnerability could be exploited by attackers to gain unauthorized access and compromise system integrity.

ABB Cylon Aspect 3.07.02 – File Disclosure

The ABB Cylon Aspect 3.07.02 product is prone to an authenticated arbitrary file disclosure vulnerability. This vulnerability exists in the 'downloadDb.php' script due to improper validation of user-supplied input in the 'file' GET parameter. Attackers can exploit this issue to read sensitive files by traversing directories.

ABB Cylon Aspect 3.07.01 – Hard-coded Default Credentials

The ABB BMS/BAS controller in ABB Cylon Aspect 3.07.01 operates with default and hard-coded credentials included in the installation package, making it vulnerable when exposed to the Internet.

ABB Cylon Aspect 4.00.00 Remote Code Execution Vulnerability

The ABB Cylon Aspect BMS/BAS controller before 4.00.00 allows unauthenticated attackers to execute arbitrary shell commands via unsanitized input in the serial and ManufactureDate POST parameters. This vulnerability can be exploited during the manufacturing phase when factory test scripts are present.

ABB Cylon Aspect 3.08.02 Authenticated Path Traversal

The ABB Cylon controller in version 3.08.02 and below is vulnerable to an authenticated path traversal issue. By manipulating the 'devName' POST parameter in the ethernetUpdate.php script, an attacker can write partially controlled data, such as IP addresses, to arbitrary file paths. This could potentially result in unauthorized configuration changes, system compromise, and denial of service by overwriting ethernet configuration backup files.

ABB Cylon Aspect 3.08.02 Stored Cross-Site Scripting

The ABB BMS/BAS controller in ABB Cylon Aspect 3.08.02 allows authenticated users to store malicious scripts. By manipulating the 'host' POST parameter, an attacker can inject arbitrary HTML/JS code into the application. This can lead to the execution of unauthorized code within the user's browsing session.

ABB Cylon Aspect 3.08.02 Off-by-One Config Write Denial of Service

A vulnerability was found in ABB Cylon Aspect 3.08.02 in the escDevicesUpdate.php PHP script, where an off-by-one error in array access could result in undefined behavior and a possible Denial of Service (DoS) attack. The issue occurs in a loop that iterates over an array using a < condition, enabling access to an out-of-bounds index. This could lead to errors or unexpected behavior, potentially causing the application to crash. Exploiting this vulnerability could result in a crash or service disruption, especially with large data sets. The vulnerability can be triggered via the rowCount POST parameter in the Electronic Security Control device update script.

Recent Exploits: