header-logo
Suggest Exploit
vendor:
ABB Cylon Aspect
by:
Gjoko 'LiquidWorm' Krstic
6.1
CVSS
HIGH
Information Disclosure
200
CWE
Product Name: ABB Cylon Aspect
Affected Version From: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware version <=3.08.02
Affected Version To: 03.08.02
Patch Exists: NO
Related CWE: CVE-2024-51546
CPE: a:abb_ltd:aspect:3.08.02
Metasploit:
Other Scripts:
Platforms Tested: GNU/Linux, Intel processors, PHP, AspectFT Automation Application Server, lighttpd, Apache, OpenJDK, ErgoTech MIX Deployment Server
2024

ABB Cylon Aspect 3.08.02 – Cookie User Password Disclosure

The ABB Cylon Aspect version 3.08.02 application is vulnerable to storing sensitive information in clear text within a Cookie. This includes the global parameter, where base64-encoded credentials are stored. By exploiting this vulnerability, a remote attacker can intercept the HTTP Cookie, gaining access to authentication credentials through a man-in-the-middle attack, potentially leading to unauthorized access to user accounts and sensitive data.

Mitigation:

To mitigate this vulnerability, users should ensure that sensitive information is not stored in clear text within Cookies. Implementing encryption mechanisms to protect sensitive data during transmission and storage is recommended.
Source

Exploit-DB raw data:

ABB Cylon Aspect 3.08.02 - Cookie User Password Disclosure
Vendor: ABB Ltd.
Product web page: https://www.global.abb
Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio
                  Firmware: <=3.08.02

Summary: ASPECT is an award-winning scalable building energy management
and control solution designed to allow users seamless access to their
building data through standard building protocols including smart devices.

Desc: The application suffers from cleartext transmission and storage of
sensitive information in a Cookie. This includes the globals parameter, where
authdata contains base64-encoded credentials. A remote attacker can intercept
the HTTP Cookie, including authentication credentials, through a man-in-the-middle
attack, potentially compromising user accounts and sensitive data.

Tested on: GNU/Linux 3.15.10 (armv7l)
           GNU/Linux 3.10.0 (x86_64)
           GNU/Linux 2.6.32 (x86_64)
           Intel(R) Atom(TM) Processor E3930 @ 1.30GHz
           Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz
           PHP/7.3.11
           PHP/5.6.30
           PHP/5.4.16
           PHP/4.4.8
           PHP/5.3.3
           AspectFT Automation Application Server
           lighttpd/1.4.32
           lighttpd/1.4.18
           Apache/2.2.15 (CentOS)
           OpenJDK Runtime Environment (rhel-2.6.22.1.-x86_64)
           OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode)
           ErgoTech MIX Deployment Server 2.0.0


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2025-5895
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5895.php
CVE ID: CVE-2024-51546
CVE URL: https://www.cve.org/CVERecord?id=CVE-2024-51546


21.04.2024

--


$ cat project

                 P   R   O   J   E   C   T

                        .|
                        | |
                        |'|            ._____
                ___    |  |            |.   |' .---"|
        _    .-'   '-. |  |     .--'|  ||   | _|    |
     .-'|  _.|  |    ||   '-__  |   |  |    ||      |
     |' | |.    |    ||       | |   |  |    ||      |
 ____|  '-'     '    ""       '-'   '-.'    '`      |____
░▒▓███████▓▒░░▒▓███████▓▒░ ░▒▓██████▓▒░░▒▓█▓▒░▒▓███████▓▒░  
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ 
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ 
░▒▓███████▓▒░░▒▓███████▓▒░░▒▓████████▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ 
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ 
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ 
░▒▓███████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ 
         ░▒▓████████▓▒░▒▓██████▓▒░ ░▒▓██████▓▒░ 
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░░░░░░ 
         ░▒▓██████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒▒▓███▓▒░
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
         ░▒▓█▓▒░░░░░░░░▒▓██████▓▒░ ░▒▓██████▓▒░ 


Cookie: PHPSESSID=xxx; context1=xxx; globals={"currentUser":{"username":"aamuser","authdata":"YWFtdXNlcjpkZWZhdWx0","mangledAuth":"bXVidmZnO2Vmc3Z0Ym45YjczMzY2ODo6MjQyODQ7Mg==","loginExpirySeconds":0},"loggedIn":true,"lang":"en"}; cod=5.27; connect.sid=xxx; csd=44

Navigation

Suggest Exploit

Services By CQR