CVE-2024-48842

Use of Hard-coded Credentials vulnerability in ABB FLXEON.This issue affects FLXEON: through 9.3.5 and newer versions...

CVE-2025-10205

Use of a One-Way Hash with a Predictable Salt vulnerability in ABB FLXEON.This issue affects FLXEON: through 9.3.5. and newer versions...

CVE-2025-10205 Predictable Salt and Weak Hashing Algorithm

Use of a One-Way Hash with a Predictable Salt vulnerability in ABB FLXEON.This issue affects FLXEON: through 9.3.5. and newer versions...

CVE-2024-48842 Hardcoded passwords

Use of Hard-coded Credentials vulnerability in ABB FLXEON.This issue affects FLXEON: through 9.3.5 and newer versions...

PT-2025-38219

Name of the Vulnerable Software and Affected Versions: ABB FLXEON versions through 9.3.5 and newer versions Description: The software uses a one-way hash with a predictable salt. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerabili...

📄 ABB Cylon FLXeon 9.3.5 siteGuide.js Authenticated Root Remote Code Execution

The ABB Cylon FLXeon BACnet controller is vulnerable to authenticated remote root code execution via the /api/siteGuide endpoint. An attacker with valid credentials can inject arbitrary system commands by manipulating the filename and/or originalname parameters. The issue arises due to improper...

ABB FLXeon Log Message Disclosure Vulnerability

The ABB FLXeon is a series of controllers from ABB Switzerland. ABB FLXeon version 9.3.4 and prior versions suffer from a log information disclosure vulnerability that stems from the application's inadequate protection of sensitive information and can be exploited by an attacker to obtain sensiti...