| Rule General Information | |
|---|---|
| Release Date: | 2025-04-29 |
| Rule Name: | ABB Cylon Aspect 3.08.02 ethernetUpdate.php Authenticated Path Traversal Vulnerability |
| Severity: | |
| CVE ID: | |

| Rule Protection Details | |
|---|---|
| Description: | The ABB Cylon controller suffers from an authenticated path traversal vulnerability. It can be exploited through the 'devName' POST parameter in the ethernetUpdate.php script to write partially controlled content, such as IP address values, into arbitrary file paths. This can lead to configuration tampering and system compromise, including a denial-of-service scenario in which the Ethernet configuration backup file is overwritten. |
| Impact: | An attacker could exploit this vulnerability to cause an unspecified effect. |
| Affected OS: | Windows, Linux, Others |
| Reference: | |

| Solutions |
|---|
| Please contact the software vendor for a software update or patch. |