CISA Releases Fourteen Industrial Control Systems Advisories

CISA released fourteen Industrial Control Systems ICS advisories on September 9, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-252-01 Rockwell Automation ThinManager ICSA-25-252-02 ABB Cylon Aspect BMS/BAS...

ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE)

ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution RCE Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.04 Summary: ASPECT is an award-winning scalable building energy management...

ABB Cylon Aspect 3.08.04 (DeploySource) Unauthenticated Remote Code Execution

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description ABB Cylon Aspect BMS/BAS is vulnerable to a critical flaw in the...

ABB Cylon Aspect 3.08.03 - Guest2Root Privilege Escalation

!/usr/bin/env python Exploit Title: ABB Cylon Aspect 3.08.03 - Guest2Root Privilege Escalation Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.03 Summary: ASPECT is an award-winning scalabl...

ABB Cylon Aspect Studio 3.08.03 - Binary Planting

Exploit Title: ABB Cylon Aspect Studio 3.08.03 - Binary Planting Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: type project P R O J E C T .| | | |'| . | | |. |' .---"| .-' '-. | | .--'| || | | | .-'| .| | || '- | | | || | |' | |. | || | | | | || | | '-' ' "" '-' '-.'...

📄 ABB Cylon Aspect 3.08.03 login.php Obscure Authentication Bypass

The ABB Cylon Aspect BAS controller allows login using guest:guest, which initiates a web session but restricts access to administrative features by returning an 'Invalid Admin Username and/or Password' message. However, the session is still active and valid within the HMI environment. Despite...

📄 ABB Cylon Aspect Studio 3.08.03 CylonLicence.dll Binary Planting

A DLL hijacking vulnerability exists in Aspect-Studio version 3.08.03, where the application attempts to load a library named CylonLicence via System.loadLibrary"CylonLicence" without a full path, falling back to the standard library search order. If an attacker can plant a malicious...

📄 ABB Cylon Aspect 3.08.03 Time Manipulation

ABB Cylon Aspect MIX's NTPServlet allows NTP config changes via the Host: 127.0.0.1 bypass, writing attacker-controlled hosts to NTPTickers and syncing the system clock. A malicious NTP server can manipulate time, enabling DoS or time-based attacks. Version 3.08.03 is affected. ABB Cylon Aspect...

ABB Cylon Aspect 3.08.03 (logMixDownload.php) Remote Code Execution

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an authenticated blind OS...

ABB Cylon Aspect 3.08.03 (MIX->UserManager) Auth Bypass Create MIXAdmin

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description ABB Cylon Aspect BMS/BAS is vulnerable to a critical flaw in the...

ABB Cylon BACnet MS/TP Kernel Module (mstp.ko) Out-of-Bounds Write in SendFrame()

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. BACnet Smart Building Controllers. ABB's BACnet portfolio features a series of...

ABB Cylon Aspect 3.08.03 (logYumLookup.php) Hybrid Path Traversal

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB Cylon Aspect BAS controller is vulnerable to an authenticated...

ABB Cylon Aspect 3.08.03 (productRemovalUpdate.php) Remote Code Execution

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an authenticated blind OS...

ABB Cylon Aspect 3.08.03 (MIX->NTPServlet) Time Manipulation

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description ABB Cylon Aspect MIX's NTPServlet allows NTP config changes via the...

ABB Cylon Aspect 3.08.03 (MIX->HTTPDownloadServlet) Remote Code Execution

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description ABB Cylon Aspect BMS/BAS is vulnerable to a critical flaw in the...

ABB Cylon Aspect 3.08.03 (MIX->DeploymentServlet) Remote Code Execution

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description ABB Cylon Aspect BMS/BAS is vulnerable to a critical flaw in the...

ABB Cylon Aspect Studio 3.08.03 (CylonLicence.dll) Binary Planting

Summary ABB Cylon ASPECT Studio is a graphical programming tool and integrated development environment IDE for ABB Cylon ASPECT products. It's used to engineer comprehensive area control and graphical user interface GUI solutions, containing a library of logical and graphical widgets. It allows...

ABB Cylon Aspect Studio 3.08.03 Insecure Permissions

Summary ABB Cylon ASPECT Studio is a graphical programming tool and integrated development environment IDE for ABB Cylon ASPECT products. It's used to engineer comprehensive area control and graphical user interface GUI solutions, containing a library of logical and graphical widgets. It allows...

ABB Cylon Aspect 3.08.03 (login.php) Obscure Authentication Bypass

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB Cylon Aspect BAS controller allows login using guest:guest,...

ABB Cylon Aspect 3.08.03 (MIX->HTTPDownloadServlet) File Deletion

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description ABB Cylon Aspect BMS/BAS is vulnerable to a critical flaw in the...