Lucene search
K

25 matches found

Packet Storm
Packet Storm
added 2025/05/19 12:0 a.m.81 views

📄 ABB Cylon FLXeon 9.3.5 capture.js Authenticated File Disclosure / Deletion

The ABB Cylon FLXeon BACnet controller is vulnerable to a path traversal flaw in its capture.js endpoint due to unsanitized user input being directly concatenated into a filesystem path. An attacker can exploit this by supplying crafted file names to access arbitrary files outside the intended va...

7.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2025/05/19 12:0 a.m.246 views

ABB Cylon FLXeon 9.3.5 (uukl.js) Predictable Salt and Weak Hashing Algorithm

Summary BACnet® Smart Building Controllers. ABB's BACnet portfolio features a series of BACnet® IP and BACnet MS/TP field controllers for ASPECT® and INTEGRA™ building management solutions. ABB BACnet controllers are designed for intelligent control of HVAC equipment such as central plant, boiler...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2025/05/19 12:0 a.m.244 views

ABB Cylon FLXeon 9.3.5 (capture.js) Authenticated File Disclosure/Delete

Summary BACnet® Smart Building Controllers. ABB's BACnet portfolio features a series of BACnet® IP and BACnet MS/TP field controllers for ASPECT® and INTEGRA™ building management solutions. ABB BACnet controllers are designed for intelligent control of HVAC equipment such as central plant, boiler...

6AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2025/05/19 12:0 a.m.336 views

ABB Cylon FLXeon 9.3.5 (siteGuide.js) Authenticated Root Remote Code Execution

Summary BACnet® Smart Building Controllers. ABB's BACnet portfolio features a series of BACnet® IP and BACnet MS/TP field controllers for ASPECT® and INTEGRA™ building management solutions. ABB BACnet controllers are designed for intelligent control of HVAC equipment such as central plant, boiler...

6.4AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2025/05/19 12:0 a.m.237 views

ABB Cylon FLXeon 9.3.5 (bbmdList.js) Authenticated Config Poisoning

Summary BACnet® Smart Building Controllers. ABB's BACnet portfolio features a series of BACnet® IP and BACnet MS/TP field controllers for ASPECT® and INTEGRA™ building management solutions. ABB BACnet controllers are designed for intelligent control of HVAC equipment such as central plant, boiler...

5.9AI score
Exploits0
Exploit DB
Exploit DB
added 2025/04/11 12:0 a.m.311 views

ABB Cylon FLXeon 9.3.4 - WebSocket Command Spawning

ABB Cylon FLXeon 9.3.4 wsConnect.js WebSocket Command Spawning PoC Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon Series FBXi Series, FBTi Series, FBVi Series CBX Series FLX Series CBT Series CBV Series Firmware: =9.3.4 Advisory ID: ZSL-2025-5913 Advisory URL:...

9.4CVSS7AI score0.00888EPSS
Exploits4
Exploit DB
Exploit DB
added 2025/04/11 12:0 a.m.336 views

ABB Cylon FLXeon 9.3.4 - System Logs Information Disclosure

Exploit Tiltle: ABB Cylon FLXeon 9.3.4 - System Logs Information Disclosure Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon Series FBXi Series, FBTi Series, FBVi Series CBX Series FLX Series CBT Series CBV Series Firmware: =9.3.4 Summary: BACnet® Smart Building...

9.4CVSS7AI score0.02366EPSS
Exploits7
0day.today
0day.today
added 2025/02/15 12:0 a.m.223 views

ABB Cylon FLXeon 9.3.4 app.js Insecure CORS Configuration Vulnerability

ABB Cylon FLXeon version 9.3.4 suffers from an insecure CORS configuration. !-- ABB Cylon FLXeon 9.3.4 app.js Insecure CORS Configuration Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon Series FBXi Series, FBTi Series, FBVi Series CBX Series FLX Series CBT Serie...

7.4AI score
Exploits0
0day.today
0day.today
added 2025/02/15 12:0 a.m.251 views

ABB Cylon FLXeon 9.3.4 cert.js System Logs Information Disclosure Vulnerability

ABB Cylon FLXeon version 9.3.4 has an issue where an authenticated attacker can access sensitive information via the system logs page of ABB Cylon FLXeon controllers. The logs expose critical data, including the OpenSSL password for stored certificates. This information can be leveraged for furth...

6.9CVSS6.8AI score0.02366EPSS
Exploits7
0day.today
0day.today
added 2025/02/15 12:0 a.m.129 views

ABB Cylon FLXeon 9.3.4 Default Credentials Vulnerability

ABB Cylon FLXeon version 9.3.4 uses a weak set of default administrative credentials that can be guessed in remote password attacks and gain full control of the system. ABB Cylon FLXeon 9.3.4 Default Credentials Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon...

7.9AI score
Exploits0
Packet Storm
Packet Storm
added 2025/02/14 12:0 a.m.309 views

ABB Cylon FLXeon 9.3.4 login.js Node Timing Attack

ABB Cylon FLXeon version 9.3.4 has a timing attack vulnerability in the authentication process due to an improper comparison of password hashes in login.js and uukl.js. !/usr/bin/env python3 ABB Cylon FLXeon 9.3.4 login.js Node Timing Attack Vendor: ABB Ltd. Product web page: https://www.global.a...

7.6AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2025/02/13 12:0 a.m.300 views

ABB Cylon FLXeon 9.3.4 (app.js) Insecure CORS Configuration

Summary BACnet® Smart Building Controllers. ABB's BACnet portfolio features a series of BACnet® IP and BACnet MS/TP field controllers for ASPECT® and INTEGRA™ building management solutions. ABB BACnet controllers are designed for intelligent control of HVAC equipment such as central plant, boiler...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2025/02/13 12:0 a.m.346 views

ABB Cylon FLXeon 9.3.4 (cert.js) System Logs Information Disclosure

Summary BACnet® Smart Building Controllers. ABB's BACnet portfolio features a series of BACnet® IP and BACnet MS/TP field controllers for ASPECT® and INTEGRA™ building management solutions. ABB BACnet controllers are designed for intelligent control of HVAC equipment such as central plant, boiler...

9.4CVSS7.3AI score0.02366EPSS
Exploits7
Packet Storm
Packet Storm
added 2025/02/13 12:0 a.m.283 views

ABB Cylon FLXeon 9.3.4 Default Credentials

ABB Cylon FLXeon version 9.3.4 uses a weak set of default administrative credentials that can be guessed in remote password attacks and gain full control of the system. ABB Cylon FLXeon 9.3.4 Default Credentials Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon...

7.9AI score
Exploits0
Packet Storm
Packet Storm
added 2025/02/10 12:0 a.m.253 views

ABB Cylon FLXeon 9.3.4 serialConfig.js Denial of Service

ABB Cylon FLXeon version 9.3.4 is vulnerable to an authenticated JSON flooding attack, leading to uncontrolled resource consumption and a denial-of-service DoS condition. The /api/serialConfig endpoint allows an authenticated attacker to abuse an unrestricted loop to create a large number of JSON...

7.1AI score
Exploits0
0day.today
0day.today
added 2025/02/09 12:0 a.m.189 views

ABB Cylon FLXeon 9.3.4 wsConnect.js WebSocket Command Spawning Exploit

ABB Cylon FLXeon version 9.3.4 is vulnerable to an unauthenticated WebSocket implementation that allows an attacker to execute the tcpdump command. This command captures network traffic and filters it on serial ports 4855 and 4851, which are relevant to the device's services. The vulnerability ca...

8.8CVSS7.5AI score0.00888EPSS
Exploits4
Packet Storm
Packet Storm
added 2025/02/07 12:0 a.m.290 views

ABB Cylon FLXeon 9.3.4 wsConnect.js WebSocket Command Spawning

ABB Cylon FLXeon version 9.3.4 is vulnerable to an unauthenticated WebSocket implementation that allows an attacker to execute the tcpdump command. This command captures network traffic and filters it on serial ports 4855 and 4851, which are relevant to the device's services. The vulnerability ca...

8.8CVSS7.6AI score0.00888EPSS
Exploits4
0day.today
0day.today
added 2025/02/03 12:0 a.m.155 views

ABB Cylon FLXeon 9.3.4 upload.js Authenticated Root Remote Code Execution Exploit

ABB Cylon FLXeon version 9.3.4 is vulnerable to an authenticated root command injection. An attacker can exploit the Backup-Restore feature via the /api/upload endpoint to execute arbitrary system commands as root. The issue arises due to improper input validation in upload.js, where user-supplie...

10CVSS10AI score0.04328EPSS
Exploits18
Zero Science Lab
Zero Science Lab
added 2025/02/03 12:0 a.m.300 views

ABB Cylon FLXeon 9.3.4 (cert.js) Authenticated Root Remote Code Execution

Summary BACnet® Smart Building Controllers. ABB's BACnet portfolio features a series of BACnet® IP and BACnet MS/TP field controllers for ASPECT® and INTEGRA™ building management solutions. ABB BACnet controllers are designed for intelligent control of HVAC equipment such as central plant, boiler...

10CVSS7.8AI score0.04328EPSS
Exploits18
0day.today
0day.today
added 2025/02/03 12:0 a.m.189 views

ABB Cylon FLXeon 9.3.4 timeConfig.js Authenticated Root Remote Code Execution Exploit

ABB Cylon FLXeon version 9.3.4 is vulnerable to authenticated remote root code execution via the /api/timeConfig endpoint. An attacker with valid credentials can inject arbitrary system commands by manipulating parameters such as tz, timeServerYN, and multiple timeDate fields. The vulnerability...

10CVSS9.7AI score0.04328EPSS
Exploits18
Rows per page
Query Builder