BACnet® Smart Building Controllers. ABB's BACnet portfolio features a series of BACnet® IP and BACnet MS/TP field controllers for ASPECT® and INTEGRA™ building management solutions. ABB BACnet controllers are designed for intelligent control of HVAC equipment such as central plant, boilers, chillers, cooling towers, heat pump systems, air handling units (constant volume, variable air volume, and multi-zone), rooftop units, electrical systems such as lighting control, variable frequency drives and metering.
The FLXeon Controller Series uses BACnet/IP standards to deliver unprecedented connectivity and open integration for your building automation systems. It's scalable, and modular, allowing you to control a diverse range of HVAC functions.
The ABB Cylon FLXeon BACnet controller's /api/uukl.js module implements password verification and update mechanisms using the insecure MD5 hash function alongside weak salt generation via Math.random(). This constitutes a cryptographic vulnerability where password hashes are susceptible to collision and brute-force attacks due to MD5's known weaknesses and the low entropy of the salt. Specifically, in the verify() and change() functions, passwords are hashed using MD5 with predictable, non-cryptographically secure salts, then stored in plaintext-accessible files. This undermines the integrity of the authentication process, enabling attackers with file system access or knowledge of the implementation to precompute hash values or mount dictionary attacks.