| Reporter | Title | Published | Views | Family All 12 |
|---|---|---|---|---|
| The vulnerability of the ABB ASPECT-Enterprise system for managing technological processes, as well as the micro-program software used for controllers of the ABB MATRIX and NEXUS series, stems from the use of rigidly encrypted account data. This vulnerability allows a perpetrator to execute arbitrary codes. | 10 Feb 202500:00 | โ | bdu_fstec | |
| CVE-2024-51547 | 6 Feb 202504:19 | โ | circl | |
| ABBๅคๆฌพไบงๅ ไฟกไปป็ฎก็้ฎ้ขๆผๆด | 6 Feb 202500:00 | โ | cnnvd | |
| CVE-2024-51547 | 6 Feb 202504:12 | โ | cve | |
| CVE-2024-51547 Credentials Disclosure - keys | 6 Feb 202504:12 | โ | cvelist | |
| EUVD-2024-45734 | 3 Oct 202520:07 | โ | euvd | |
| ABB ASPECT-Enterprise NEXUS and MATRIX Series | 5 Feb 202500:30 | โ | ics | |
| CVE-2024-51547 | 6 Feb 202505:15 | โ | nvd | |
| CVE-2024-51547 | 6 Feb 202505:15 | โ | osv | |
| PT-2025-5799 ยท Abb ยท Aspect-Enterpriseย +2 | 5 Feb 202500:00 | โ | ptsecurity |
<html><body><p>ABB Cylon Aspect 3.08.03 Hard-coded Secrets
Vendor: ABB Ltd.
Product web page: https://www.global.abb
Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio
Firmware: <=3.08.03
Summary: ASPECT is an award-winning scalable building energy management
and control solution designed to allow users seamless access to their
building data through standard building protocols including smart devices.
Desc: The ABB Cylon Aspect BMS/BAS controller contains multiple instances
of hard-coded credentials, including usernames, passwords, and encryption
keys embedded in various java classes. This practice poses significant security
risks, allowing attackers to gain unauthorized access and compromise the
system's integrity.
Tested on: GNU/Linux 3.15.10 (armv7l)
GNU/Linux 3.10.0 (x86_64)
GNU/Linux 2.6.32 (x86_64)
Intel(R) Atom(TM) Processor E3930 @ 1.30GHz
Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz
PHP/7.3.11
PHP/5.6.30
PHP/5.4.16
PHP/4.4.8
PHP/5.3.3
AspectFT Automation Application Server
lighttpd/1.4.32
lighttpd/1.4.18
Apache/2.2.15 (CentOS)
OpenJDK Runtime Environment (rhel-2.6.22.1.-x86_64)
OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode)
ErgoTech MIX Deployment Server 2.0.0
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2025-5896
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5896.php
21.04.2024
--
$ cat project
P R O J E C T
.|
| |
|'| ._____
___ | | |. |' .---"|
_ .-' '-. | | .--'| || | _| |
.-'| _.| | || '-__ | | | || |
|' | |. | || | | | | || |
____| '-' ' "" '-' '-.' '` |____
โโโโโโโโโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโโโโโโโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโโโโโโโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโ
$ cat secrets.txt
- SynchronizedSecurityServicesHandler.class -> CrET8MEbraME4ahu
- MapInvisibleSchedule.class -> calendar:user
- WDSupervisor.class -> aamservletuser:kakideco
- AESCipher2.class -> uajo4nzibb$#1E4V5262b17f-c3d5-4190-a442-6d251f9da52b
- AESCipher.class -> default
- BrokerURL.class -> aamuser:default
- Schedule.class -> calendar:user
- BfUtils.class -> CrET8MEbraME4ahu
- Context.class -> \037jchabucos:friske
- Db.class -> matrixac1:aam
</p></body></html>Data
Build on a solid foundation withย Vulners data
Weย provide theย essential building blocks forย cybersecurity solutions withย comprehensive, structured, andย constantly updated vulnerability andย exploits data
Api
Power your application withย Vulners API
The Vulners REST API offers reliable, high-performance access toย vulnerabilityย intelligence, withย 99.9%ย SLAย uptime andย CDN-backed data delivery forย seamlessย global access
App
Assess and manage vulnerabilities withย Vulnersย tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation