Explore Vulnerabilities

Explore all Exploits:

ABB Cylon Aspect 3.08.02 – Cookie User Password Disclosure

The ABB Cylon Aspect version 3.08.02 application stores sensitive information in clear text within a cookie. This includes the global parameter, where base64-encoded credentials are stored. A remote attacker who intercepts the HTTP cookie through a man-in-the-middle attack can recover the authentication credentials, potentially leading to unauthorized access to user accounts and sensitive data.

ABB Cylon Aspect 3.08.02 – Remote Code Execution

The ABB Cylon Aspect BMS/BAS controller before 3.08.02 is vulnerable to authenticated OS command injection. Attackers can upload a specially crafted .db file that contains malicious shell commands. These commands are then executed on the server through the copyFile.sh script, bypassing filename sanitization.

ABB Cylon Aspect 3.08.02 (bbmdUpdate.php) – Remote Code Execution

The ABB Cylon Aspect BMS/BAS controller in version 3.08.02 and below is vulnerable to an authenticated blind command injection. Attackers can execute arbitrary shell commands by manipulating input in certain POST parameters. Additionally, an off-by-one error in array access can result in undefined behavior and potential Denial of Service (DoS) attacks.

ABB Cylon Aspect 3.08.02 Unauthenticated Command Execution

The ABB Cylon Aspect BMS/BAS controller before 3.08.02 allows unauthenticated users to execute arbitrary shell commands via the deployStart.php script. This vulnerability can be exploited to run the 'rundeploy.sh' script, which initializes the Java deployment server and configures settings, leading to unauthorized server initialization and potential performance issues.

ABB Cylon Aspect 3.08.02 Authenticated Path Traversal

The ABB Cylon controller in version 3.08.02 and below is vulnerable to an authenticated path traversal issue. By manipulating the 'devName' POST parameter in the ethernetUpdate.php script, an attacker can write partially controlled data, such as IP addresses, to arbitrary file paths. This could result in unauthorized configuration changes, system compromise, and denial of service by overwriting ethernet configuration backup files.

Recent Exploits: