25 matches found
EUVD-2017-14252
Malware in sbrugna...
EUVD-2017-14248
Malware in sbrugna...
EUVD-2017-14249
Malware in sbrugna...
CVE-2017-5143
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user without authenticating can make a directory traversal attack by accessing a specific URL...
CVE-2017-5142
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user with low privileges is able to open and change the parameters by accessing a specific URL because of Improper Privilege Management...
CVE-2017-5142
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user with low privileges is able to open and change the parameters by accessing a specific URL because of Improper Privilege Management...
CVE-2017-5140
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Password is stored in clear text...
CVE-2017-5141
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. An attacker can establish a new user session, without invalidating any existing session identifier, which gives the opportunity to steal authenticated session...
Default credentials
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Any user is able to disclose a password by accessing a specific URL, because of Plaintext Storage of a Password...
Design/Logic Flaw
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Password is stored in clear text...
Session fixation
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. An attacker can establish a new user session, without invalidating any existing session identifier, which gives the opportunity to steal authenticated session...
Directory traversal
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user without authenticating can make a directory traversal attack by accessing a specific URL...
Design/Logic Flaw
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user with low privileges is able to open and change the parameters by accessing a specific URL because of Improper Privilege Management...
CVE-2017-5140
CVE-2017-5140 affects Honeywell XL Web II controller family (XL1000C500 XLWebExe-2-01-00 and earlier; XLWeb 500 XLWebExe-1-02-08 and earlier). Root cause: passwords stored in clear text, enabling password disclosure via a specific URL. The vulnerability can be exploited remotely; ICS-CERT notes a...
CVE-2017-5139
CVE-2017-5139 affects Honeywell XL Web II controller family (XL1000C500 XLWebExe-2-01-00 and prior; XLWeb 500 XLWebExe-1-02-08 and prior). Root cause: plaintext storage of a password, enabling password disclosure via a specific URL. Impact per sources: remote exposure of passwords, with high-seve...
CVE-2017-5141
The CVE-2017-5141 issue affects Honeywell XL Web II controllers: XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. The vulnerability allows an attacker to establish a new user session without invalidating an existing session identifier, enabling session fixation and...
CVE-2017-5139
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Any user is able to disclose a password by accessing a specific URL, because of Plaintext Storage of a Password...
CVE-2017-5142
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user with low privileges is able to open and change the parameters by accessing a specific URL because of Improper Privilege Management...
CVE-2017-5141
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. An attacker can establish a new user session, without invalidating any existing session identifier, which gives the opportunity to steal authenticated session...
CVE-2017-5143
The CVE-2017-5143 issue affects Honeywell XL Web II controllers (XL1000C500 XLWebExe-2-01-00 and prior) and XLWeb 500 XLWebExe-1-02-08 and prior. A directory traversal vulnerability allows an unauthenticated user to access a crafted URL, enabling path traversal on the device. Connected sources co...