EIP-2026-104690

PRE-CVE

ABB Cylon Aspect 3.08.02 (webServerUpdate.php) - Input Validation Config Poisoning

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104690. PoCs published by LiquidWorm.

AI-analyzed exploit summary The exploit demonstrates an input validation bypass in ABB Cylon Aspect's webServerUpdate.php script, allowing arbitrary integer values to be submitted for the port parameter, leading to configuration poisoning or DoS. The provided cURL command successfully injects an excessively large port number, confirming the vulnerability.

Description

ABB Cylon Aspect 3.08.02 (webServerUpdate.php) - Input Validation Config Poisoning

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · texthardwarephp

https://www.exploit-db.com/exploits/52219

View Code ZIP pw:eip

The exploit demonstrates an input validation bypass in ABB Cylon Aspect's webServerUpdate.php script, allowing arbitrary integer values to be submitted for the port parameter, leading to configuration poisoning or DoS. The provided cURL command successfully injects an excessively large port number, confirming the vulnerability.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: ABB Cylon Aspect (Firmware <= 3.08.02)

No auth needed

Prerequisites: Network access to the target device · webServerUpdate.php endpoint accessible

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026