ABB Cylon Aspect 3.07.02 suffers from a weak password policy in userManagement.php, allowing users to set simple or empty passwords and usernames without constraints. This flaw decreases account security, empowering attackers to misuse weak credentials for unauthorized access.
The ABB Cylon Aspect 3.08.02 allows attackers to perform unauthorized actions with administrative privileges by sending malicious HTTP requests to the userManagement.php script. This vulnerability exists due to the lack of proper validation checks on incoming requests, enabling attackers to exploit the system through a logged-in user visiting a malicious website.
The ABB Cylon Aspect BMS/BAS controller in version 3.08.02 and below is vulnerable to an authenticated blind command injection. Attackers can execute arbitrary shell commands by manipulating input in certain POST parameters. Additionally, an off-by-one error in array access can result in undefined behavior and potential Denial of Service (DoS) attacks.
ABB Cylon Aspect 3.08.03 is prone to an authenticated reflected cross-site scripting vulnerability. The issue occurs because input provided to the 'name' and 'id' parameters via GET requests is not properly sanitized before being returned to users. An attacker can exploit this vulnerability to execute arbitrary HTML or JavaScript code within the context of a user's browser session on the affected site.
The ABB Cylon Aspect 3.08.02 webServerUpdate.php script does not properly validate input on the port POST parameter, allowing attackers to bypass client-side checks and supply arbitrary integer values. This can lead to configuration poisoning, Denial of Service (DoS) attacks, and manipulation of server settings via Cross-Site Request Forgery (CSRF) combined with authentication bypass.
The ABB Cylon Aspect version 3.08.01 and below is vulnerable to remote code execution. The issue arises due to the improper handling of user input in the uploadFile() function of bigUpload.php. This vulnerability allows an attacker to upload malicious files to arbitrary locations on the server, leading to arbitrary code execution. An authenticated attacker can exploit this to gain unauthorized access to the building controller.
The ABB Cylon Aspect BMS/BAS controller before 3.08.02 allows unauthenticated users to execute arbitrary shell commands via the deployStart.php script. This vulnerability can be exploited to run the 'rundeploy.sh' script, which initializes the Java deployment server and configures settings, leading to unauthorized server initialization and potential performance issues.
The ABB Cylon Aspect BMS/BAS controller version 4.00.00 is vulnerable to unauthenticated reflected cross-site scripting (XSS) through the 'title' GET parameter. Attackers can execute malicious HTML/JS code in a user's browser within the context of the affected site.
The ABB Cylon Aspect version 3.08.01 allows an unauthenticated attacker to delete files with web server permissions through directory traversal sequences in the 'file' parameter of 'databasefiledelete.php'. This vulnerability could be exploited to delete critical files.
Services By CQR