11 matches found
ABB FLXEON 安全漏洞
ABB FLXEON is a series of building automation controllers from ABB Switzerland. A security vulnerability exists in ABB FLXEON version 9.3.5 and earlier, which stems from improper validation of input types...
ABB Cylon FLXeon 9.3.4 Insecure Backup Sensitive Data Exposure Vulnerability
ABB Cylon FLXeon version 9.3.4 has backups that contain sensitive system files, including main.db, SSL/TLS certificates and keys, the system shadow file with hashed passwords, and the license key. ABB Cylon FLXeon 9.3.4 Insecure Backup Sensitive Data Exposure Vendor: ABB Ltd. Product web page:...
ABB Cylon FLXeon 9.3.4 Insecure Backup Sensitive Data Exposure
ABB Cylon FLXeon version 9.3.4 has backups that contain sensitive system files, including main.db, SSL/TLS certificates and keys, the system shadow file with hashed passwords, and the license key. ABB Cylon FLXeon 9.3.4 Insecure Backup Sensitive Data Exposure Vendor: ABB Ltd. Product web page:...
ABB Cylon FLXeon 9.3.4 (login.js) Node Timing Attack
Summary BACnet® Smart Building Controllers. ABB's BACnet portfolio features a series of BACnet® IP and BACnet MS/TP field controllers for ASPECT® and INTEGRA™ building management solutions. ABB BACnet controllers are designed for intelligent control of HVAC equipment such as central plant, boiler...
ABB Cylon FLXeon 9.3.4 Session Persistence Vulnerability
Summary BACnet® Smart Building Controllers. ABB's BACnet portfolio features a series of BACnet® IP and BACnet MS/TP field controllers for ASPECT® and INTEGRA™ building management solutions. ABB BACnet controllers are designed for intelligent control of HVAC equipment such as central plant, boiler...
ABB Cylon FLXeon 9.3.4 serialConfig.js Denial of Service Exploit
ABB Cylon FLXeon version 9.3.4 is vulnerable to an authenticated JSON flooding attack, leading to uncontrolled resource consumption and a denial-of-service DoS condition. The /api/serialConfig endpoint allows an authenticated attacker to abuse an unrestricted loop to create a large number of JSON...
ABB Cylon FLXeon 9.3.4 runtimeSetup.sh Hidden Backdoor Account Vulnerability
ABB Cylon FLXeon version 9.3.4 has a hidden administrative account cxpro that has write access permissions to the device. ABB Cylon FLXeon 9.3.4 runtimeSetup.sh Hidden Backdoor Account Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon Series FBXi Series, FBTi...
ABB Cylon FLXeon 9.3.4 (serialConfig.js) JSON Object Flooding DoS
Summary BACnet® Smart Building Controllers. ABB's BACnet portfolio features a series of BACnet® IP and BACnet MS/TP field controllers for ASPECT® and INTEGRA™ building management solutions. ABB BACnet controllers are designed for intelligent control of HVAC equipment such as central plant, boiler...
ABB Cylon FLXeon 9.3.4 runtimeSetup.sh Hidden Backdoor Account
ABB Cylon FLXeon version 9.3.4 has a hidden administrative account cxpro that has write access permissions to the device. ABB Cylon FLXeon 9.3.4 runtimeSetup.sh Hidden Backdoor Account Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon Series FBXi Series, FBTi...
ABB Cylon FLXeon 9.3.4 cert.js Authenticated Root Remote Code Execution
ABB Cylon FLXeon version 9.3.4 is vulnerable to authenticated remote root code execution via the /api/cert endpoint. An attacker with valid credentials can inject arbitrary system commands by manipulating the affected parameters. The issue arises due to improper input validation in cert.js, where...
ABB Cylon FLXeon 9.3.4 login.js Unauthenticated Root Remote Code Execution
ABB Cylon FLXeon version 9.3.4 suffers from an unauthenticated remote code execution vulnerability with root privileges. Input passed through the login.js script for the password JSON parameter allows out-of-band command injection. !/usr/bin/env python3 ABB Cylon FLXeon 9.3.4 login.js...