25 matches found
EUVD-2017-14248
Malware in sbrugna...
EUVD-2017-14249
Malware in sbrugna...
EUVD-2017-14252
Malware in sbrugna...
CVE-2017-5141
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. An attacker can establish a new user session, without invalidating any existing session identifier, which gives the opportunity to steal authenticated session...
CVE-2017-5140
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Password is stored in clear text...
CVE-2017-5142
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user with low privileges is able to open and change the parameters by accessing a specific URL because of Improper Privilege Management...
CVE-2017-5142
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user with low privileges is able to open and change the parameters by accessing a specific URL because of Improper Privilege Management...
CVE-2017-5143
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user without authenticating can make a directory traversal attack by accessing a specific URL...
Design/Logic Flaw
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user with low privileges is able to open and change the parameters by accessing a specific URL because of Improper Privilege Management...
Default credentials
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Any user is able to disclose a password by accessing a specific URL, because of Plaintext Storage of a Password...
Session fixation
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. An attacker can establish a new user session, without invalidating any existing session identifier, which gives the opportunity to steal authenticated session...
Directory traversal
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user without authenticating can make a directory traversal attack by accessing a specific URL...
Design/Logic Flaw
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Password is stored in clear text...
CVE-2017-5140
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Password is stored in clear text...
CVE-2017-5143
The CVE-2017-5143 issue affects Honeywell XL Web II controllers (XL1000C500 XLWebExe-2-01-00 and prior) and XLWeb 500 XLWebExe-1-02-08 and prior. A directory traversal vulnerability allows an unauthenticated user to access a crafted URL, enabling path traversal on the device. Connected sources co...
CVE-2017-5142
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user with low privileges is able to open and change the parameters by accessing a specific URL because of Improper Privilege Management...
CVE-2017-5143
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user without authenticating can make a directory traversal attack by accessing a specific URL...
CVE-2017-5141
The CVE-2017-5141 issue affects Honeywell XL Web II controllers: XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. The vulnerability allows an attacker to establish a new user session without invalidating an existing session identifier, enabling session fixation and...
CVE-2017-5140
CVE-2017-5140 affects Honeywell XL Web II controller family (XL1000C500 XLWebExe-2-01-00 and earlier; XLWeb 500 XLWebExe-1-02-08 and earlier). Root cause: passwords stored in clear text, enabling password disclosure via a specific URL. The vulnerability can be exploited remotely; ICS-CERT notes a...
CVE-2017-5142
The CVE-2017-5142 issue affects Honeywell XL Web II controllers (XL1000C500 XLWebExe-2-01-00 and prior; XLWeb 500 XLWebExe-1-02-08 and prior). It stems from Improper Privilege Management, enabling a user with low privileges to open and change parameters by accessing a specific URL. Exploitation c...