CVE-2024-6516

CRITICAL

ABB ASPECT Enterprise and NEXUS/MATRIX Series < 3.08.03 - Cross-Site Scripting

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2024-6516. PoCs published by LiquidWorm.

AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in ABB Cylon Aspect's licenseUpload.php. It uploads a malicious .txt file containing an XSS payload, which is stored on the server and executed when accessed by users.

Description

Cross Site Scripting vulnerabilities where found providing a potential for malicious scripts to be injected into a client browser.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

Exploits (3)

exploitdb WORKING POC
by LiquidWorm · texthardwaremultiple
https://www.exploit-db.com/exploits/52215

This exploit demonstrates a stored XSS vulnerability in ABB Cylon Aspect's licenseUpload.php. It uploads a malicious .txt file containing an XSS payload, which is stored on the server and executed when accessed by users.

Classification
Working Poc 100%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: ABB Cylon Aspect <=3.08.02
Auth required
Prerequisites: Authenticated access to the licenseUpload.php endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
by LiquidWorm · texthardwaremultiple
https://www.exploit-db.com/exploits/52214

This is a working proof-of-concept for a stored XSS vulnerability in ABB Cylon Aspect's licenseServerUpdate.php. The exploit demonstrates how an authenticated attacker can inject arbitrary JavaScript via the 'host' POST parameter.

Classification
Working Poc 100%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: ABB Cylon Aspect <=3.08.02
Auth required
Prerequisites: Authenticated access to the ABB Cylon Aspect web interface
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
by LiquidWorm · texthardwaremultiple
https://www.exploit-db.com/exploits/52217

This exploit demonstrates an authenticated blind command injection vulnerability in ABB Cylon Aspect's bbmdUpdate.php. The POST parameters (e.g., hexMask2, NAThexMask2) are not sanitized, allowing arbitrary command execution via shell metacharacters (e.g., '; sleep 17; #').

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: ABB Cylon Aspect (Firmware <=3.08.02)
Auth required
Prerequisites: Valid PHPSESSID cookie for authentication · Network access to the target's bbmdUpdate.php endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Scores

CVSS v3 9.0
EPSS 0.0355
EPSS Percentile 88.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-79
Status published
Products (19)
abb/aspect-ent-12_firmware < 3.08.03
abb/aspect-ent-256_firmware < 3.08.03
abb/aspect-ent-2_firmware < 3.08.03
abb/aspect-ent-96_firmware < 3.08.03
abb/matrix-11_firmware < 3.08.03
abb/matrix-216_firmware < 3.08.03
abb/matrix-232_firmware < 3.08.03
abb/matrix-264_firmware < 3.08.03
abb/matrix-296_firmware < 3.08.03
abb/nexus-2128-a_firmware < 3.08.03
... and 9 more
Published Dec 05, 2024
Tracked Since Feb 18, 2026