ABB Cylon Aspect Vulnerability: When Building Management Goes Rogue!

Attention hackers and curious coders: ABB Cylon Aspect 3.08.01 has a remote code execution vulnerability that’s just begging for attention. Thanks to a “big” oversight in bigUpload.php, malicious files can be sneakily uploaded and executed. So, if you’re into unauthorized access, this bug might just be your new best friend!


Hot Take:

Who knew that a building management system could moonlight as a hacker’s playground? ABB Cylon’s Aspect 3.08.01 is such a high achiever that it not only manages energy but also allows remote code execution! This vulnerability is like leaving the key under the mat for hackers, letting them waltz right into your building’s control system with a simple POST request and a bit of PHP magic.

Key Points:

  • ABB Cylon’s Aspect 3.08.01 has a remote code execution vulnerability.
  • The flaw is in the bigUpload.php file, specifically in the uploadFile() function.
  • It allows attackers to upload malicious files and execute code remotely.
  • Tested on various GNU/Linux systems and processors.
  • Discovered by researcher Gjoko ‘LiquidWorm’ Krstic; CVE ID is CVE-2024-6298.
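A defender's check for the pattern the key points describe: a POST to bigUpload.php followed by the same client fetching a script path nobody had requested before. This is an added example, not code from ABB or the researcher; the combined access-log format, the `/example/` paths and the addresses in the sample are constructed assumptions.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Apache/nginx "combined" access-log line (assumed format).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
UPLOADER = "bigupload.php"               # file named on this page, lowercased
SCRIPT_EXT = (".php", ".phtml", ".phar")

def find_upload_then_exec(lines, window=timedelta(minutes=10)):
    """Return (ip, path) pairs: client POSTed to bigUpload.php, then got a 200
    for a script path that had never been requested before, within `window`."""
    seen_paths = set()     # script paths requested so far, by any client
    last_upload = {}       # client ip -> time of its latest upload POST
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue       # skip blank or non-conforming lines
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        path = urlsplit(m["target"]).path
        name = path.rsplit("/", 1)[-1].lower()
        if name == UPLOADER:
            if m["method"] == "POST":
                last_upload[m["ip"]] = ts
            continue
        if not name.endswith(SCRIPT_EXT):
            continue
        uploaded_at = last_upload.get(m["ip"])
        if (path not in seen_paths and uploaded_at is not None
                and ts - uploaded_at <= window and m["status"] == "200"):
            findings.append((m["ip"], path))
        seen_paths.add(path)
    return findings

# Constructed sample log: placeholder paths and documentation-range addresses.
SAMPLE_LOG = """
192.0.2.10 - - [01/Jul/2024:10:00:00 +0000] "GET /example/index.php HTTP/1.1" 200 512
198.51.100.7 - - [01/Jul/2024:10:01:00 +0000] "POST /example/bigUpload.php HTTP/1.1" 200 20
198.51.100.7 - - [01/Jul/2024:10:01:05 +0000] "GET /example/files/a1.php HTTP/1.1" 200 64
198.51.100.7 - - [01/Jul/2024:10:03:00 +0000] "GET /example/index.php HTTP/1.1" 200 512
"""

if __name__ == "__main__":
    for ip, path in find_upload_then_exec(SAMPLE_LOG.splitlines()):
        print(f"review: {ip} uploaded via bigUpload.php, then requested {path}")
```

Any POST to bigUpload.php from outside the management network is worth reviewing by itself; the follow-up request is what separates an upload from an upload that was executed.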

The Nimble Nerd