CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
70.6%
Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to bypass authentication and obtain administrative access by visiting the change-password page.
Vendor | Product | Version | CPE |
---|---|---|---|
honeywell | falcon_xlweb_linux_controller | * | cpe:2.3:h:honeywell:falcon_xlweb_linux_controller:*:*:*:*:*:*:*:* |
honeywell | falcon_xlweb_xlwebexe | * | cpe:2.3:h:honeywell:falcon_xlweb_xlwebexe:*:*:*:*:*:*:*:* |