ABB Cylon Aspect 3.08.00 (log(Mix/Yum)Lookup.php) Off-by-One Error in Log Parsing
Title: ABB Cylon Aspect 3.08.00 (log(Mix/Yum)Lookup.php) Off-by-One Error in Log Parsing
Advisory ID: ZSL-2024-5861
Type: Local/Remote
Impact: DoS, Exposure of System Information
Risk: (2/5)
Release Date: 05.11.2024
Firmware: <=3.08.00
GNU/Linux 3.10.0 (x86_64)
GNU/Linux 2.6.32 (x86_64)
Intel(R) Atom(TM) Processor E3930 @ 1.30GHz
Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz
PHP/7.3.11
PHP/5.6.30
PHP/5.4.16
PHP/4.4.8
PHP/5.3.3
AspectFT Automation Application Server
lighttpd/1.4.32
lighttpd/1.4.18
Apache/2.2.15 (CentOS)
OpenJDK Runtime Environment (rhel-2.6.22.1.-x86_64)
OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode)
[22.04.2024] Vendor contacted.
[22.04.2024] Vendor responds.
[02.05.2024] Working with the vendor.
[08.03.2024] Vendor released version 3.08.01 to address this issue.
[05.11.2024] Public security advisory released.
[2] https://cxsecurity.com/issue/WLB-2024110006
[08.11.2024] - Added reference [2]
Web: https://www.zeroscience.mk
e-mail: lab@zeroscience.mk
Advisory ID: ZSL-2024-5861
Type: Local/Remote
Impact: DoS, Exposure of System Information
Risk: (2/5)
Release Date: 05.11.2024
Summary
ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices.Description
A vulnerability was identified in a PHP script where an off-by-one error in array access could lead to undefined behavior and potential DoS. The issue arises in a loop that iterates over an array using a <= condition, allowing access to an out-of-bounds index. This can trigger errors or unexpected behavior when processing data, potentially crashing the application. Successful exploitation of this vulnerability can lead to a crash or disruption of service, especially if the script handles large data sets.Vendor
ABB Ltd. - https://www.global.abbAffected Version
NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-StudioFirmware: <=3.08.00
Tested On
GNU/Linux 3.15.10 (armv7l)GNU/Linux 3.10.0 (x86_64)
GNU/Linux 2.6.32 (x86_64)
Intel(R) Atom(TM) Processor E3930 @ 1.30GHz
Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz
PHP/7.3.11
PHP/5.6.30
PHP/5.4.16
PHP/4.4.8
PHP/5.3.3
AspectFT Automation Application Server
lighttpd/1.4.32
lighttpd/1.4.18
Apache/2.2.15 (CentOS)
OpenJDK Runtime Environment (rhel-2.6.22.1.-x86_64)
OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode)
Vendor Status
[21.04.2024] Vulnerability discovered.[22.04.2024] Vendor contacted.
[22.04.2024] Vendor responds.
[02.05.2024] Working with the vendor.
[08.03.2024] Vendor released version 3.08.01 to address this issue.
[05.11.2024] Public security advisory released.
PoC
abb_aspect_obo1.txtCredits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>References
[1] https://packetstormsecurity.com/files/182513/ABB-Cylon-Aspect-3.08.00-Off-By-One.html[2] https://cxsecurity.com/issue/WLB-2024110006
Changelog
[05.11.2024] - Initial release[08.11.2024] - Added reference [2]
Contact
Zero Science LabWeb: https://www.zeroscience.mk
e-mail: lab@zeroscience.mk
