Home[1] Files[2] News[3] &[SERVICES_TAB] Contact[4] Add New[5]
- ABB Cylon Aspect 3.07.02 user.properties Default Credentials[6]
- Authored by LiquidWorm[7] | Site zeroscience.mk[8]
-
ABB Cylon Aspect version 3.07.02 uses a weak set of default administrative credentials that can be guessed in remote password attacks and used to gain full control of the system.
- SHA-256 |
abdeff4284c7fe44c3e55417d31b7d1ca3841538897dfe4c0808b510db1dacc3 - Download[9] | Favorite[10] | View[11]
Change Mirror[12] Download[13]
ABB Cylon Aspect 3.07.02 (user.properties) Default Credentials
Vendor: ABB Ltd.
Product web page: https://www.global.abb
Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio
Firmware: <=3.07.02
Summary: ASPECT is an award-winning scalable building energy management
and control solution designed to allow users seamless access to their
building data through standard building protocols including smart devices.
Desc: The ABB BMS/BAS controller uses a weak set of default administrative
credentials that can be guessed in remote password attacks and gain full
control of the system.
Tested on: GNU/Linux 3.15.10 (armv7l)
GNU/Linux 3.10.0 (x86_64)
GNU/Linux 2.6.32 (x86_64)
Intel(R) Atom(TM) Processor E3930 @ 1.30GHz
Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz
PHP/7.3.11
PHP/5.6.30
PHP/5.4.16
PHP/4.4.8
PHP/5.3.3
AspectFT Automation Application Server
lighttpd/1.4.32
lighttpd/1.4.18
Apache/2.2.15 (CentOS)
OpenJDK Runtime Environment (rhel-2.6.22.1.-x86_64)
OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode)
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2024-5840
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5840.php
21.04.2024
--
$ cat project
P R O J E C T
.|
| |
|'| ._____
___ | | |. |' .---"|
_ .-' '-. | | .--'| || | _| |
.-'| _.| | || '-__ | | | || |
|' | |. | || | | | | || |
____| '-' ' "" '-' '-.' '` |____
░▒▓███████▓▒░░▒▓███████▓▒░ ░▒▓██████▓▒░░▒▓█▓▒░▒▓███████▓▒░
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓███████▓▒░░▒▓███████▓▒░░▒▓████████▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓███████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓████████▓▒░▒▓██████▓▒░ ░▒▓██████▓▒░
░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░░░░░░
░▒▓██████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒▒▓███▓▒░
░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓█▓▒░░░░░░░░▒▓██████▓▒░ ░▒▓██████▓▒░
$ cat /home/MIX_CMIX/htmlroot/user.properties
#Users
#Mon Mar 20 13:30 EDT 2016
guest=6775657374
aamuser=64656661756c74
Using Utils::Hex2String in AuthSession.php:
guest:guest
aamuser:default
Follow us on Twitter
Follow us on
Facebook
Subscribe to an RSS
FeedFile Tags
- ActiveX[19] (933)
- Advisory[20] (87,158)
- Arbitrary[21] (17,145)
- BBS[22] (2,859)
- Bypass[23] (1,933)
- CGI[24] (1,049)
- Code Execution[25] (7,948)
- Conference[26] (693)
- Cracker[27] (845)
- CSRF[28] (3,440)
- DoS[29] (25,345)
- Encryption[30] (2,396)
- Exploit[31] (54,422)
- File Inclusion[32] (4,279)
- File Upload[33] (1,027)
- Firewall[34] (822)
- Info Disclosure[35] (2,930)
- Intrusion Detection[36] (923)
- Java[37] (3,156)
- JavaScript[38] (910)
- Kernel[39] (7,324)
- Local[40] (14,874)
- Magazine[41] (587)
- Overflow[42] (13,235)
- Perl[43] (1,435)
- PHP[44] (5,314)
- Proof of Concept[45] (2,417)
- Protocol[46] (3,757)
- Python[47] (1,666)
- Remote[48] (31,949)
- Root[49] (3,676)
- Rootkit[50] (530)
- Ruby[51] (644)
- Scanner[52] (1,660)
- Security Tool[53] (8,060)
- Shell[54] (3,316)
- Shellcode[55] (1,219)
- Sniffer[56] (905)
- Spoof[57] (2,297)
- SQL Injection[58] (16,741)
- TCP[59] (2,463)
- Trojan[60] (690)
- UDP[61] (919)
- Virus[62] (675)
- Vulnerability[63] (33,166)
- Web[64] (10,158)
- Whitepaper[65] (3,785)
- x86[66] (970)
- XSS[67] (18,311)
- Other[68]
File Archives
- October 2024[69]
- September 2024[70]
- August 2024[71]
- July 2024[72]
- June 2024[73]
- May 2024[74]
- April 2024[75]
- March 2024[76]
- February 2024[77]
- January 2024[78]
- December 2023[79]
- November 2023[80]
- Older[81]
Systems
- AIX[82] (430)
- Apple[83] (2,117)
- BSD[84] (378)
- CentOS[85] (61)
- Cisco[86] (1,954)
- Debian[87] (7,140)
- Fedora[88] (1,693)
- FreeBSD[89] (1,247)
- Gentoo[90] (4,599)
- HPUX[91] (881)
- iOS[92] (391)
- iPhone[93] (108)
- IRIX[94] (220)
- Juniper[95] (71)
- Linux[96] (51,531)
- Mac OS X[97] (696)
- Mandriva[98] (3,105)
- NetBSD[99] (256)
- OpenBSD[100] (490)
- RedHat[101] (17,026)
- Slackware[102] (941)
- Solaris[103] (1,615)
- SUSE[104] (1,444)
- Ubuntu[105] (9,914)
- UNIX[106] (9,469)
- UnixWare[107] (188)
- Windows[108] (6,784)
- Other[109]
© 2024 Packet Storm. All rights reserved.
- Services
- Security Services[120]
- Hosting By
- Rokasec[121]
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
