ABB Cylon FLXeon Vulnerability: When Smart Building Controllers Go Rogue!

The ABB Cylon FLXeon BACnet controller is like a party crasher that never gets caught! Thanks to its unauthenticated WebSocket feature, it allows any mischievous hacker to execute tcpdump commands, creating a network traffic jam. This vulnerability is the tech equivalent of leaving your front door wide open with a sign saying, “Come on in!”

1P
Published: April 11, 2025 2:54 pmAdded: April 11, 2025 at 8:35 amAssembled by: The Editor
Pro Dashboard

Hot Take:

Who knew that ABB’s BACnet controllers could double as a free-for-all playground for hackers? With WebSocket vulnerabilities lurking like uninvited guests, it seems like ABB has left the doors wide open for a party no one wanted to host. Maybe they should’ve installed their own building management solutions to keep this under control!

Key Points:

  • The ABB Cylon FLXeon BACnet controller is susceptible to unauthenticated WebSocket attacks.
  • Hackers can execute the tcpdump command remotely, capturing network traffic and causing chaos.
  • This vulnerability can lead to denial of service (DoS) and potential data exfiltration.
  • The affected firmware version is 9.3.4 and below across multiple series.
  • Discovered by Gjoko ‘LiquidWorm’ Krstic, the exploit showcases the dangers of unsecured WebSocket interfaces.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?