Lucene search
HistoryJul 24, 2014 - 2:55 p.m.
CVE-2014-2717
cve-2014-2717
honeywell
falcon xlweb
linux
xlwebexe
controller devices
authentication bypass
administrative access
nvd
7.6 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
7.2 High
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
70.7%
Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to bypass authentication and obtain administrative access by visiting the change-password page.
Affected configurations
Node
honeywellfalcon_xlweb_linux_controllerRange≤2.04.01
ORhoneywellfalcon_xlweb_xlwebexeRange≤2.02.11
Related
prion
prion
Authentication flaw
2014-07-24 14:55:00
cvelist
cvelist
CVE-2014-2717
2014-07-24 14:00:00
nvd
nvd
CVE-2014-2717
2014-07-24 14:55:07
ics
ics
Honeywell FALCON XLWeb Controllers Vulnerabilities
2018-09-06 12:00:00
packetstorm
packetstorm
Honeywell XLWEB SCADA Path Traversal
2015-04-23 00:00:00
nessus
nessus
Honeywell FALCON XL Web Controller Multiple Vulnerabilities
2014-08-25 00:00:00
7.6 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
7.2 High
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
70.7%
Related for CVE-2014-2717