Horizon Alert
Summary of the vulnerability and why it matters
This critical vulnerability in Eclipse BaSyx Java Server SDK allows unauthenticated attackers to write arbitrary files to the server by exploiting the AAS thumbnail API, potentially leading to remote code execution if the MongoDB backend is used. The main concern is confirming relevance and exposure, as the vulnerability lies within an API commonly exposed in web-based deployments.
- Unauthenticated file writes possible via thumbnail API.
- Critical vulnerability could lead to code execution.
- Confirm relevance and exposure of affected systems.
Attack Path
How an attacker could exploit the issue
An attacker could exploit this vulnerability by sending specially crafted requests to the AAS thumbnail API, bypassing authentication. This API, when configured with a MongoDB backend, mishandles filenames, treating them as both storage keys and file paths. By providing an absolute or traversal-style filename, an attacker could cause arbitrary files to be written to the server's filesystem, potentially leading to code execution.
- Unauthenticated network access needed.
- Uploading a malicious filename to the API.
- Arbitrary file write on server.
Live Threat
Current exploitation, exposure, and threat context
When supported by the advisory, deployments using the MongoDB backend could allow an unauthenticated remote attacker to write arbitrary files to the server's filesystem by exploiting the AAS thumbnail API. This could potentially lead to remote code execution, affecting any data or system the Java process has write permissions for.
- Arbitrary file writes on the server.
- Malicious filenames in API requests.
- Potential for remote code execution.
Operational Fix
Recommended remediation, mitigation, and detection steps
Teams responsible for application platforms and infrastructure hosting the Eclipse BaSyx Java Server SDK should prioritize identifying affected deployments. The first practical move is to locate all instances, determine their exposure and criticality, and identify the accountable owner for remediation planning.
- Own by application or platform team.
- Verify MongoDB backend usage and reachability.
- Plan remediation based on identified risk.