17 matches found
CVE-2017-5140
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Password is stored in clear text...
CVE-2017-5141
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. An attacker can establish a new user session, without invalidating any existing session identifier, which gives the opportunity to steal authenticated session...
CVE-2017-5140
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Password is stored in clear text...
CVE-2017-5142
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user with low privileges is able to open and change the parameters by accessing a specific URL because of Improper Privilege Management...
CVE-2017-5140
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Password is stored in clear text...
Honeywell FALCON XLWeb FTP Server Directory Traversal Vulnerability
No description provided by source...
Honeywell FALCON XLWeb Series Controller Login Bypass Vulnerability
No description provided by source...
Honeywell XLWEB SCADA Path Traversal
SCADA - EXPLOITING CVE-2015-0984 FOR SHELL ACCESS: This post is a follow-up detailing how to achieve control of the actual XLWEB SCADA controller. The vulnerability is assigned reference CVE-2015-0984. Rather than the application level administrative access as discussed in the email regarding...
CVE-2014-2717
Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to bypass authentication and obtain administrative access by visiting the change-password page...
CVE-2014-3110
Multiple cross-site scripting (XSS) vulnerabilities on Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to inject arbitrary web script or HTML via invalid input...
Authentication flaw
Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to bypass authentication and obtain administrative access by visiting the change-password page...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities on Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to inject arbitrary web script or HTML via invalid input...
CVE-2014-3110
Multiple cross-site scripting (XSS) vulnerabilities on Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to inject arbitrary web script or HTML via invalid input...
CVE-2014-2717
Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to bypass authentication and obtain administrative access by visiting the change-password page...
CVE-2014-2717
CVE-2014-2717 affects Honeywell FALCON XLWeb controllers (Linux: 2.04.01 and earlier; XLWebExe: 2.02.11 and earlier). The vulnerability allows remote attackers to bypass authentication and obtain administrative access by visiting the change-password page. NVD lists a CVSS v2 base score of 7.6 (AV...
CVE-2014-3110
CVE-2014-3110 affects Honeywell FALCON XLWeb controllers: Linux XLWeb (2.04.01 or earlier) and XLWebExe (2.02.11 or earlier). The issue consists of multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary HTML/JS via invalid input in the web interface. Th...
Honeywell FALCON XLWeb Controllers Vulnerabilities
OVERVIEW: This advisory was originally posted to the US-CERT secure Portal library on June 24, 2014, and is being released to the NCCIC/ICS-CERT web site. Martin Jartelius of Outpost24 has identified an authentication bypass vulnerability in Honeywell FALCON XLWeb controllers. Juan Francisco Boliv...