5 matches found
ABB Cylon FLXeon 9.3.4 upload.js Authenticated Root Remote Code Execution Exploit
ABB Cylon FLXeon version 9.3.4 is vulnerable to an authenticated root command injection. An attacker can exploit the Backup-Restore feature via the /api/upload endpoint to execute arbitrary system commands as root. The issue arises due to improper input validation in upload.js, where user-supplie...
CVE-2024-48841
creationtimestamp| type| source ---|---|--- 2025-01-27 20:16:06+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lgqqzjt74p27 2025-01-27 20:28:57+00:00| seen| https://infosec.exchange/users/cR0w/statuses/113902206110094531 2025-01-27 21:51:58+00:00| seen|...
CVE-2024-48841
Network access can be used to execute arbitrary code with elevated privileges. This issue affects FLXEON 9.3.4 and older...
CVE-2024-48841
CVE-2024-48841 affects ABB Cylon FLXeon 9.3.4 and earlier. Multiple authenticated and unauthenticated remote code execution vectors are reported (examples: /api/users/password, /api/cert, /api/timeConfig, /api/cmds.js, /api/upload). The root cause across endpoints is improper input validation lea...
CVE-2024-48841 Remote Code Execution (RCE) Vulnerabilities
Network access can be used to execute arbitrary code with elevated privileges. This issue affects FLXEON 9.3.4 and older...