CVE-2024-48849

CRITICAL

ABB FLXEON <= 9.3.4 - Missing Origin Validation in WebSockets


Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-48849. PoCs published by LiquidWorm.

AI-analyzed exploit summary: This PoC exploits an unauthenticated WebSocket interface in ABB Cylon FLXeon BACnet controllers to spawn tcpdump processes, leading to resource exhaustion or data exfiltration. It sends JSON-RPC commands to start and stop tcpdump captures on specific ports.

Description

Missing Origin Validation in WebSockets vulnerability in FLXEON. Session management was not sufficient to prevent unauthorized HTTPS requests. This issue affects FLXEON through 9.3.4.

Exploits (1)

exploitdb · WORKING POC
by LiquidWorm · text · hardware · multiple
https://www.exploit-db.com/exploits/52184

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: ABB Cylon FLXeon Series (FBXi, FBTi, FBVi, CBX, CBT, CBV) with firmware <=9.3.4
No auth needed
Prerequisites: Network access to the target device's WebSocket interface (wss://<IP>:443/ws) · websocat tool installed
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 9.4
EPSS 0.0015
EPSS Percentile 35.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-1385
Status published
Products (1)
ABB/FLXEON <= 9.3.4
Published Jan 29, 2025
Tracked Since Feb 18, 2026