EIP-2026-104689

PRE-CVE

ABB Cylon Aspect 3.08.02 (ethernetUpdate.php) - Authenticated Path Traversal

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104689. PoCs published by LiquidWorm.

AI-analyzed exploit summary This exploit demonstrates an authenticated path traversal vulnerability in ABB Cylon Aspect's ethernetUpdate.php script, allowing arbitrary file writes via the 'devName' POST parameter. The PoC shows how to overwrite configuration files, potentially leading to system compromise or DoS.

Description

ABB Cylon Aspect 3.08.02 (ethernetUpdate.php) - Authenticated Path Traversal

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · texthardwarephp

https://www.exploit-db.com/exploits/52252

View Code ZIP pw:eip

This exploit demonstrates an authenticated path traversal vulnerability in ABB Cylon Aspect's ethernetUpdate.php script, allowing arbitrary file writes via the 'devName' POST parameter. The PoC shows how to overwrite configuration files, potentially leading to system compromise or DoS.

Classification

Working Poc 95%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: ABB Cylon Aspect <=3.08.02

Auth required

Prerequisites: Authenticated session (PHPSESSID cookie) · Network access to the target

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026