When Guest Privileges Throw a Party: ABB Cylon Aspect’s Root Escalation Fiasco!
The ABB Cylon Aspect 3.08.03 firmware has an amusingly named exploit, “Guest2Root Privilege Escalation.” It lets an attacker with valid credentials escalate privileges from a mere guest to the almighty root. If your building energy management system starts acting like it’s on a power trip, it might just be this exploit at work!

Hot Take:
ABB’s BMS/BAS systems are in hot water, and it seems like their security is as stable as a Jenga tower in a windstorm. When your guest login has more power than a superhero, it might be time to reconsider the access policies. ABB might want to start thinking about a new slogan: “Seamless Access… for EVERYONE!”
Key Points:
– ABB’s Cylon Aspect 3.08.03 systems have a critical Guest2Root vulnerability.
– The exploit uses a crafted .bsx file to gain root access.
– Affected products include NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, and ASPECT-Studio.
– The vulnerability allows authenticated users to execute arbitrary code.
– Discovered by Gjoko ‘LiquidWorm’ Krstic, the vulnerability impacts several Linux distributions and PHP versions.