Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

ABB Cylon Aspect 3.07.01 Hard-Coded Credentials

🗓️ 26 Sep 2024 00:00:00Reported by LiquidWorm, zeroscience.mkType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 270 Views

ABB Cylon Aspect 3.07.01 Hard-Coded Credentials in phpMyAdmi

Related
Code
ReporterTitlePublishedViews
Family
Circl		CVE-2024-4007
4 Apr 202521:02
circl
CNNVD		Various ABB products Security breaches
1 Jul 202400:00
cnnvd
CVE		CVE-2024-4007
1 Jul 202412:06
cve
Cvelist		CVE-2024-4007 Hard coded default credential contained in install package
1 Jul 202412:06
cvelist
Exploit DB		ABB Cylon Aspect 3.07.01 - Hard-coded Default Credentials
3 Apr 202500:00
exploitdb
EUVD		EUVD-2024-32573
3 Oct 202520:07
euvd
NVD		CVE-2024-4007
1 Jul 202413:15
nvd
Positive Technologies		PT-2024-6673 · Abb · Abb Aspect +2
26 Jun 202400:00
ptsecurity
Vulnrichment		CVE-2024-4007 Hard coded default credential contained in install package
1 Jul 202412:06
vulnrichment
Zero Science Lab		ABB Cylon Aspect 3.07.01 (config.inc.php) Hard-coded Credentials in phpMyAdmin
26 Sep 202400:00
zeroscience
Rows per page
`  
ABB Cylon Aspect 3.07.01 (config.inc.php) Hard-coded Credentials in phpMyAdmin  
  
  
Vendor: ABB Ltd.  
Product web page: https://www.global.abb  
Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio  
Firmware: <=3.07.01  
  
Summary: ASPECT is an award-winning scalable building energy management  
and control solution designed to allow users seamless access to their  
building data through standard building protocols including smart devices.  
  
Desc: The ABB BMS/BAS controller is operating with default and hard-coded  
credentials contained in install package while exposed to the Internet.  
  
Tested on: GNU/Linux 3.15.10 (armv7l)  
GNU/Linux 3.10.0 (x86_64)  
GNU/Linux 2.6.32 (x86_64)  
Intel(R) Atom(TM) Processor E3930 @ 1.30GHz  
Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz  
PHP/7.3.11  
PHP/5.6.30  
PHP/5.4.16  
PHP/4.4.8  
PHP/5.3.3  
AspectFT Automation Application Server  
lighttpd/1.4.32  
lighttpd/1.4.18  
Apache/2.2.15 (CentOS)  
OpenJDK Runtime Environment (rhel-2.6.22.1.-x86_64)  
OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode)  
phpMyAdmin 2.11.9  
  
  
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
@zeroscience  
  
Reported by DIVD  
  
  
Advisory ID: ZSL-2024-5830  
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5830.php  
CVE ID: CVE-2024-4007  
CVE URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-4007  
  
  
21.04.2024  
  
--  
  
  
$ cat project  
  
P R O J E C T  
  
.|  
| |  
|'| ._____  
___ | | |. |' .---"|  
_ .-' '-. | | .--'| || | _| |  
.-'| _.| | || '-__ | | | || |  
|' | |. | || | | | | || |  
____| '-' ' "" '-' '-.' '` |____  
░▒▓███████▓▒░░▒▓███████▓▒░ ░▒▓██████▓▒░░▒▓█▓▒░▒▓███████▓▒░   
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓███████▓▒░░▒▓███████▓▒░░▒▓████████▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓███████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓████████▓▒░▒▓██████▓▒░ ░▒▓██████▓▒░   
░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░  
░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░░░░░░   
░▒▓██████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒▒▓███▓▒░  
░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░  
░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░  
░▒▓█▓▒░░░░░░░░▒▓██████▓▒░ ░▒▓██████▓▒░   
  
  
$ cat max/var/www/html/phpMyAdmin/config.inc.php | grep control  
$cfg['Servers'][$i]['controluser'] = 'root';  
$cfg['Servers'][$i]['controlpass'] = 'F@c1liTy';  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
26 Sep 2024 00:00Current
7.1High risk
Vulners AI Score7.1
CVSS 48.7
CVSS 3.18.8
EPSS0.07194
SSVC
abb cylon aspecthard-coded credentialsphpmyadminabb ltdnexus seriesmatrix-2 seriesaspect-enterpriseaspect-studiofirmware <=3.07.01building energy managementcontrol solutiondefault credentialsinternet exposurevulnerabilitygjoko 'liquidworm' krsticdivdzsl-2024-5830cve-2024-4007gnu/linuxintel(r) atom(tm) processorintel(r) xeon(r) silverphp/7.3.11php/5.6.30php/5.4.16php/4.4.8php/5.3.3aspectft automation application serverlighttpdapache/2.2.15openjdk runtime environment
270