EIP-2026-104148

PRE-CVE

ABB Cylon Aspect 3.08.03 - Hard-coded Secrets

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104148. PoCs published by LiquidWorm.

AI-analyzed exploit summary The document details hard-coded credentials and encryption keys in ABB Cylon Aspect BMS/BAS controller firmware <=3.08.03, exposing multiple instances of embedded secrets in Java classes. It provides specific examples of usernames, passwords, and keys but does not include functional exploit code.

Description

ABB Cylon Aspect 3.08.03 - Hard-coded Secrets

Exploits (1)

exploitdb WRITEUP

by LiquidWorm · textwebappsmultiple

https://www.exploit-db.com/exploits/52223

View Code ZIP pw:eip

The document details hard-coded credentials and encryption keys in ABB Cylon Aspect BMS/BAS controller firmware <=3.08.03, exposing multiple instances of embedded secrets in Java classes. It provides specific examples of usernames, passwords, and keys but does not include functional exploit code.

Classification

Writeup 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: ABB Cylon Aspect (NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio) <=3.08.03

No auth needed

Prerequisites: Access to the firmware or system files containing the hard-coded secrets

MITRE ATT&CK

T1552.001 - Credentials In Files

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026