ABB Cylon Aspect Studio 3.08.03 (CylonLicence.dll) Binary Planting
Title: ABB Cylon Aspect Studio 3.08.03 (CylonLicence.dll) Binary Planting
Advisory ID: ZSL-2025-5952
Type: Local/Remote
Impact: System Access, DoS
Risk: (5/5)
Release Date: 22.05.2025
Summary
ABB Cylon ASPECT Studio is a graphical programming tool and integrated development environment (IDE) for ABB Cylon ASPECT products. It’s used to engineer comprehensive area control and graphical user interface (GUI) solutions, containing a library of logical and graphical widgets. It allows users to monitor and control facilities from anywhere, providing insights into building performance and enabling timely reactions to issues.
Description
A DLL hijacking vulnerability exists in Aspect-Studio version 3.08.03, where the application attempts to load a library named CylonLicence via System.loadLibrary("CylonLicence") without a full path, falling back to the standard library search order. If an attacker can plant a malicious CylonLicence.dll in a writable directory that is searched before the legitimate library path, this DLL will be loaded and executed with the privileges of the user running the application. This flaw enables arbitrary code execution and can be exploited for privilege escalation or persistence, especially in environments where the application is executed by privileged users.
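The search-order behaviour described above can be audited on a workstation. The following is an added example, not part of the original advisory or of the vendor's code: it walks an ordered directory list with first-match semantics and reports every CylonLicence.dll found outside the trusted install directory. The function names, the `search_dirs` input (assumed to be the directories the JVM searches, in order, for example the entries of `java.library.path`) and the `trusted_dir` location are assumptions supplied by the operator; the demo layout is constructed.

```python
import hashlib
import tempfile
from pathlib import Path

DLL_NAME = "CylonLicence.dll"  # Windows file name for System.loadLibrary("CylonLicence")

def sha256_of(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def audit_search_order(search_dirs, trusted_dir, dll_name=DLL_NAME):
    # Returns (resolved, findings): the copy a first-match search would pick,
    # and one finding per copy that lives outside trusted_dir.
    trusted = Path(trusted_dir).resolve()
    trusted_copy = trusted / dll_name
    trusted_hash = sha256_of(trusted_copy) if trusted_copy.is_file() else None
    resolved, findings, seen = None, [], set()
    for position, entry in enumerate(search_dirs):
        directory = Path(entry).resolve()
        candidate = directory / dll_name
        visited_before = directory in seen  # skip repeated search-path entries
        seen.add(directory)
        if visited_before or not candidate.is_file():
            continue
        resolved = resolved or candidate  # first hit is the one that gets loaded
        if directory != trusted:
            findings.append({
                "path": candidate,
                "position": position,
                "precedes_trusted": trusted not in seen,
                "matches_trusted_hash": sha256_of(candidate) == trusted_hash,
            })
    return resolved, findings

def demo():
    # Constructed layout: a working directory searched before the install directory.
    root = Path(tempfile.mkdtemp())
    workdir, install = root / "project", root / "install" / "lib"
    for d in (workdir, install):
        d.mkdir(parents=True)
    (install / DLL_NAME).write_bytes(b"constructed: vendor library")
    (workdir / DLL_NAME).write_bytes(b"constructed: unexpected copy")
    return audit_search_order([workdir, install], trusted_dir=install)

if __name__ == "__main__":
    resolved, findings = demo()
    print("would load:", resolved)
    for finding in findings:
        print("REVIEW:", finding)
```

A finding with `precedes_trusted` set and `matches_trusted_hash` unset is the case the advisory describes: a different file with the library's name sits ahead of the legitimate one in the search order.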
Vendor
ABB Ltd. - https://www.global.abb
Affected Version
ASPECT-Studio <=3.08.03
Tested On
Microsoft Windows 10 Home (EN)
OpenJDK 64-Bit Server VM Temurin-21.0.6+7
Vendor Status
[21.04.2024] Vulnerability discovered.
[22.04.2024] Vendor contacted.
[22.04.2024] Vendor responds.
[02.05.2024] Working with the vendor.
[21.05.2025] No response from the vendor.
[22.05.2025] Public security advisory released.
PoC
CylonLicence.cpp
Credits
Vulnerability discovered by Gjoko Krstic - <[email protected]>
References
[1] https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5951.php
[2] https://packetstorm.news/files/id/194981/
[3] https://www.exploit-db.com/exploits/52306
Changelog
[22.05.2025] - Initial release
[26.05.2025] - Added reference [2] and [3]
Contact
Zero Science Lab
Web: https://www.zeroscience.mk
e-mail: [email protected]