EIP-2026-103757

PRE-CVE

ABB Cylon FLXeon 9.3.4 - Default Credentials

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103757. PoCs published by LiquidWorm.

AI-analyzed exploit summary This advisory details the use of weak default credentials in ABB Cylon FLXeon BACnet controllers, allowing remote attackers to gain full control of the system. The document lists affected versions and provides default credentials for authentication bypass.

Description

ABB Cylon FLXeon 9.3.4 - Default Credentials

Exploits (1)

exploitdb WRITEUP

by LiquidWorm · texthardwaremultiple

https://www.exploit-db.com/exploits/52179

View Code ZIP pw:eip

This advisory details the use of weak default credentials in ABB Cylon FLXeon BACnet controllers, allowing remote attackers to gain full control of the system. The document lists affected versions and provides default credentials for authentication bypass.

Classification

Writeup 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: ABB Cylon FLXeon Series (FBXi, FBTi, FBVi, CBX, CBT, CBV, UC32 Series) Firmware <=9.3.4

No auth needed

Prerequisites: Network access to the BACnet controller · Knowledge of default credentials

MITRE ATT&CK

T1110.001 - Password Guessing

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026