"High-Risk Vulnerabilities Patched in ABB Aspect Building Management System"
Prism Infosec discovered two high-risk vulnerabilities in ABB's Aspect Control Engine Building Management System (BMS). Users can monitor a building's performance with ABB's Aspect BMS, which combines real-time integrated control, supervision, data logging, alarms, scheduling, and network management features with Internet connectivity and web serving capabilities. Therefore, users can examine system status, change setpoints and schedules, and more through their desktop, laptop, or mobile phone devices. The two vulnerabilities impact versions before 3.07.01. They could lead to Remote Code Execution (RCE) and privilege escalation within the Aspect Control Engine software, potentially granting an attacker complete control over the BMS. This article continues to discuss the discovery and potential impact of the two high-risk vulnerabilities in the Aspect Control Engine BMS developed by ABB.