11 matches found

CNNVD
added 2025/09/18 12:0 a.m. | 3 views

ABB FLXEON Security Vulnerability

ABB FLXEON is a series of building automation controllers from ABB Switzerland. A security vulnerability exists in ABB FLXEON version 9.3.5 and earlier, which stems from improper validation of input types...

7.5 CVSS | 6.6 AI score | 0.0033 EPSS
Exploits 0 | References 1
0day.today
added 2025/02/15 12:0 a.m. | 205 views

ABB Cylon FLXeon 9.3.4 Insecure Backup Sensitive Data Exposure Vulnerability

ABB Cylon FLXeon version 9.3.4 has backups that contain sensitive system files, including main.db, SSL/TLS certificates and keys, the system shadow file with hashed passwords, and the license key. ABB Cylon FLXeon 9.3.4 Insecure Backup Sensitive Data Exposure Vendor: ABB Ltd. Product web page:...

6.9 CVSS | 7 AI score | 0.02366 EPSS
Exploits 7
Packet Storm
added 2025/02/14 12:0 a.m. | 254 views

ABB Cylon FLXeon 9.3.4 Insecure Backup Sensitive Data Exposure

ABB Cylon FLXeon version 9.3.4 has backups that contain sensitive system files, including main.db, SSL/TLS certificates and keys, the system shadow file with hashed passwords, and the license key. ABB Cylon FLXeon 9.3.4 Insecure Backup Sensitive Data Exposure Vendor: ABB Ltd. Product web page:...

6.9 CVSS | 7 AI score | 0.02366 EPSS
Exploits 7
Zero Science Lab
added 2025/02/14 12:0 a.m. | 335 views

ABB Cylon FLXeon 9.3.4 (login.js) Node Timing Attack

Summary BACnet® Smart Building Controllers. ABB's BACnet portfolio features a series of BACnet® IP and BACnet MS/TP field controllers for ASPECT® and INTEGRA™ building management solutions. ABB BACnet controllers are designed for intelligent control of HVAC equipment such as central plant, boiler...

5.8 AI score
Exploits 0
Zero Science Lab
added 2025/02/13 12:0 a.m. | 265 views

ABB Cylon FLXeon 9.3.4 Session Persistence Vulnerability

Summary BACnet® Smart Building Controllers. ABB's BACnet portfolio features a series of BACnet® IP and BACnet MS/TP field controllers for ASPECT® and INTEGRA™ building management solutions. ABB BACnet controllers are designed for intelligent control of HVAC equipment such as central plant, boiler...

5.8 AI score
Exploits 0
0day.today
added 2025/02/11 12:0 a.m. | 162 views

ABB Cylon FLXeon 9.3.4 serialConfig.js Denial of Service Exploit

ABB Cylon FLXeon version 9.3.4 is vulnerable to an authenticated JSON flooding attack, leading to uncontrolled resource consumption and a denial-of-service (DoS) condition. The /api/serialConfig endpoint allows an authenticated attacker to abuse an unrestricted loop to create a large number of JSON...

7.1 AI score
Exploits 0
0day.today
added 2025/02/09 12:0 a.m. | 143 views

ABB Cylon FLXeon 9.3.4 runtimeSetup.sh Hidden Backdoor Account Vulnerability

ABB Cylon FLXeon version 9.3.4 has a hidden administrative account cxpro that has write access permissions to the device. ABB Cylon FLXeon 9.3.4 runtimeSetup.sh Hidden Backdoor Account Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon Series FBXi Series, FBTi...

7.3 AI score
Exploits 0
Zero Science Lab
added 2025/02/08 12:0 a.m. | 332 views

ABB Cylon FLXeon 9.3.4 (serialConfig.js) JSON Object Flooding DoS

Summary BACnet® Smart Building Controllers. ABB's BACnet portfolio features a series of BACnet® IP and BACnet MS/TP field controllers for ASPECT® and INTEGRA™ building management solutions. ABB BACnet controllers are designed for intelligent control of HVAC equipment such as central plant, boiler...

5.8 AI score
Exploits 0
Packet Storm
added 2025/02/07 12:0 a.m. | 285 views

ABB Cylon FLXeon 9.3.4 runtimeSetup.sh Hidden Backdoor Account

ABB Cylon FLXeon version 9.3.4 has a hidden administrative account cxpro that has write access permissions to the device. ABB Cylon FLXeon 9.3.4 runtimeSetup.sh Hidden Backdoor Account Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon Series FBXi Series, FBTi...

7.3 AI score
Exploits 0
Packet Storm
added 2025/02/04 12:0 a.m. | 350 views

ABB Cylon FLXeon 9.3.4 cert.js Authenticated Root Remote Code Execution

ABB Cylon FLXeon version 9.3.4 is vulnerable to authenticated remote root code execution via the /api/cert endpoint. An attacker with valid credentials can inject arbitrary system commands by manipulating the affected parameters. The issue arises due to improper input validation in cert.js, where...

10 CVSS | 9.7 AI score | 0.04328 EPSS
Exploits 18
Packet Storm
added 2025/02/03 12:0 a.m. | 294 views

ABB Cylon FLXeon 9.3.4 login.js Unauthenticated Root Remote Code Execution

ABB Cylon FLXeon version 9.3.4 suffers from an unauthenticated remote code execution vulnerability with root privileges. Input passed through the login.js script for the password JSON parameter allows out-of-band command injection. !/usr/bin/env python3 ABB Cylon FLXeon 9.3.4 login.js...

10 CVSS | 10 AI score | 0.04328 EPSS
Exploits 18