Full title: ABB Cylon Aspect 3.08.00 fileSystemUpdate.php File Upload / Denial Of Service Vulnerabilities Category: web applications Platform: php ABB Cylon Aspect version 3.08.00 suffers from a vulnerability in the fileSystemUpdate.php endpoint of the ABB BEMS controller due to improper handling of uploaded files. The endpoint lacks restrictions on file size and type, allowing attackers to upload excessively large or malicious files. This flaw could be exploited to cause denial of service (DoS) attacks, memory leaks, or buffer overflows, potentially leading to system crashes or further compromise. # 0day.today @ http://0day.today/