4 matches found

Packet Storm
added 2025/02/04 12:0 a.m., 294 views

ABB Cylon FLXeon 9.3.4 users.js Authenticated Root Remote Code Execution

ABB Cylon FLXeon version 9.3.4 is vulnerable to authenticated remote root code execution via the /api/users/password endpoint. An attacker with valid credentials can inject arbitrary system commands by manipulating the newPassword PUT parameter. The issue arises in users.js, where the new passwor...

CVSS: 10 | AI score: 9.9 | EPSS: 0.04328
Exploits: 18
Packet Storm
added 2025/02/03 12:0 a.m., 285 views

ABB Cylon FLXeon 9.3.4 upload.js Authenticated Root Remote Code Execution

ABB Cylon FLXeon version 9.3.4 is vulnerable to an authenticated root command injection. An attacker can exploit the Backup-Restore feature via the /api/upload endpoint to execute arbitrary system commands as root. The issue arises due to improper input validation in upload.js, where user-supplie...

CVSS: 10 | AI score: 10 | EPSS: 0.04328
Exploits: 18
0day.today
added 2025/02/03 12:0 a.m., 167 views

ABB Cylon FLXeon 9.3.4 cmds.js Authenticated Root Remote Code Execution Exploit

ABB Cylon FLXeon version 9.3.4 is vulnerable to authenticated root command execution via the cmds API. An authenticated attacker can execute arbitrary system commands with root privileges. !/usr/bin/env python3 ABB Cylon FLXeon 9.3.4 cmds.js Authenticated Root Remote Code Execution Vendor: ABB Lt...

CVSS: 10 | AI score: 9.9 | EPSS: 0.04328
Exploits: 18
CVE
added 2025/01/27 7:25 p.m., 84 views

CVE-2024-48841

CVE-2024-48841 affects ABB Cylon FLXeon 9.3.4 and earlier. Multiple authenticated and unauthenticated remote code execution vectors are reported (examples: /api/users/password, /api/cert, /api/timeConfig, /api/cmds.js, /api/upload). The root cause across endpoints is improper input validation lea...

CVSS: 10 | AI score: 7.9 | EPSS: 0.04328
Exploits: 18 | References: 1