In the recent news, ABB Cylon Aspect version 3.08.00 has been found to have an authenticated OS command injection vulnerability, as reported by LiquidWorm from zeroscience.mk. This vulnerability allows attackers to inject and execute arbitrary shell commands through the PROXY HTTP POST parameter in the yumSettings.php script.
The affected product versions include NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, and ASPECT-Studio with a firmware version of <=3.08.00. ASPECT is a building energy management and control solution that provides users with seamless access to building data through standard building protocols and smart devices. The vulnerability was discovered by Gjoko 'LiquidWorm' Krstic and can be exploited on various GNU/Linux systems and PHP versions. By leveraging the 'PROXY' HTTP POST parameter, attackers can inject malicious commands and execute them on the target system, potentially leading to unauthorized access and control. To demonstrate the exploit, an attacker can use the curl command to send a POST request to the vulnerable endpoint, specifying the desired command to be executed. In this case, the command "CMD=set&PROXY=;id>/tmp/blah” is used to set a proxy and inject a command to write the output to a temporary file. Subsequently, another curl command is used to trigger the execution of the injected command by setting the footer to display the contents of the temporary file.
This vulnerability poses a significant risk to organizations using ABB Cylon Aspect version 3.08.00, as it could potentially allow malicious actors to gain unauthorized access to sensitive information, manipulate device settings, or disrupt critical operations. It is crucial for users of the affected firmware versions to patch their systems and implement additional security measures to mitigate the risk of exploitation.
In conclusion, the authenticated OS command injection vulnerability in ABB Cylon Aspect version 3.08.00 highlights the importance of proactive cybersecurity practices and the need for timely software updates to address known security issues. By staying vigilant and adopting a comprehensive approach to cybersecurity, organizations can better protect their assets and data from potential cyber threats.