An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user without authenticating can make a directory traversal attack by accessing a specific URL.
[
{
"product": "Honeywell XL Web II Controller",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Honeywell XL Web II Controller"
}
]
}
]