Honeywell FALCON XL Web Controller Multiple Vulnerabilities

Source: nessus
Plugin: SCADA_XLWEB_2_2_11.NBIN
Date: Aug 25, 2014 - 12:00 a.m.
This script is Copyright (C) 2014-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
CVSS2: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

  Attack Vector: NETWORK
  Attack Complexity: HIGH
  Authentication: NONE
  Confidentiality Impact: COMPLETE
  Integrity Impact: COMPLETE
  Availability Impact: COMPLETE

EPSS: 0.003 (Percentile: 70.8%)

The remote host is a Honeywell FALCON XL Web SCADA controller running a firmware version affected by the following vulnerabilities:

  • The change password page can be accessed without authentication to determine users’ password hashes, which can allow a remote attacker to gain administrative access. (CVE-2014-2717)

  • The web server on the device is affected by multiple cross-site scripting vulnerabilities. (CVE-2014-3110)

Binary data scada_xlweb_2_2_11.nbin
