Lucene search
K

5 matches found

0day.today
0day.today
added 2025/02/03 12:0 a.m.155 views

ABB Cylon FLXeon 9.3.4 upload.js Authenticated Root Remote Code Execution Exploit

ABB Cylon FLXeon version 9.3.4 is vulnerable to an authenticated root command injection. An attacker can exploit the Backup-Restore feature via the /api/upload endpoint to execute arbitrary system commands as root. The issue arises due to improper input validation in upload.js, where user-supplie...

10CVSS10AI score0.04328EPSS
Exploits18
Circl
Circl
added 2025/01/27 8:16 p.m.6 views

CVE-2024-48841

creationtimestamp| type| source ---|---|--- 2025-01-27 20:16:06+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lgqqzjt74p27 2025-01-27 20:28:57+00:00| seen| https://infosec.exchange/users/cR0w/statuses/113902206110094531 2025-01-27 21:51:58+00:00| seen|...

10CVSS8.6AI score0.04328EPSS
Exploits18References13
NVD
NVD
added 2025/01/27 8:15 p.m.22 views

CVE-2024-48841

Network access can be used to execute arbitrary code with elevated privileges. This issue affects FLXEON 9.3.4 and older...

10CVSS0.04328EPSS
Exploits18References1
CVE
CVE
added 2025/01/27 7:25 p.m.85 views

CVE-2024-48841

CVE-2024-48841 affects ABB Cylon FLXeon 9.3.4 and earlier. Multiple authenticated and unauthenticated remote code execution vectors are reported (examples: /api/users/password, /api/cert, /api/timeConfig, /api/cmds.js, /api/upload). The root cause across endpoints is improper input validation lea...

10CVSS7.9AI score0.04328EPSS
Exploits18References1
Vulnrichment
Vulnrichment
added 2025/01/27 7:25 p.m.14 views

CVE-2024-48841 Remote Code Execution (RCE) Vulnerabilities

Network access can be used to execute arbitrary code with elevated privileges. This issue affects FLXEON 9.3.4 and older...

10CVSS9.8AI score0.04328EPSS
Exploits18References1
Rows per page
Query Builder