The ABB Cylon Aspect BMS/BAS controller before 4.00.00 allows unauthenticated attackers to execute arbitrary shell commands via unsanitized input in the serial and ManufactureDate POST parameters. This vulnerability can be exploited during the manufacturing phase when factory test scripts are present.
The ABB Cylon Aspect 3.08.02 webServerUpdate.php script does not properly validate input on the port POST parameter, allowing attackers to bypass client-side checks and supply arbitrary integer values. This can lead to configuration poisoning, Denial of Service (DoS) attacks, and manipulation of server settings via Cross-Site Request Forgery (CSRF) combined with authentication bypass.
The ABB Cylon Aspect BMS/BAS controller is vulnerable to session fixation, allowing an attacker to set a predefined PHPSESSID value. This can be exploited by leveraging an unauthenticated reflected XSS vulnerability in jsonProxy.php to inject a crafted request, forcing the victim to adopt a fixated session.
The ABB BMS/BAS controller in ABB Cylon Aspect 3.08.02 allows authenticated users to store malicious scripts. By manipulating the 'host' POST parameter, an attacker can inject arbitrary HTML/JS code into the application. This can lead to the execution of unauthorized code within the user's browsing session.
The ABB Cylon Aspect BMS/BAS controller version 4.00.00 is vulnerable to unauthenticated reflected cross-site scripting (XSS) through the 'title' GET parameter. Attackers can execute malicious HTML/JS code in a user's browser within the context of the affected site.
The ABB Cylon Aspect version 3.08.01 allows an unauthenticated attacker to delete files with web server permissions through directory traversal sequences in the 'file' parameter of 'databasefiledelete.php'. This vulnerability could be exploited to delete critical files.
Services By CQR