Xl Web Ii Controller@xlwebexe-2-01-00 Security Vulnerabilities and Issues — Xl Web Ii Controller@xlwebexe-2-01-00 CVE List

Lucene search

HoneywellXl Web Ii Controllerxlwebexe-2-01-00

5 matches found

CVE•added 2017/02/13 9:59 p.m.•53 views

CVE-2017-5142

An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user with low privileges is able to open and change the parameters by accessing a specific URL because of Improper Privilege Management.

9.1CVSS9.1AI score0.00332EPSS

CVE•added 2017/02/13 9:59 p.m.•49 views

CVE-2017-5139

An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Any user is able to disclose a password by accessing a specific URL, because of Plaintext Storage of a Password.

9.8CVSS9.3AI score0.00419EPSS

CVE•added 2017/02/13 9:59 p.m.•42 views

CVE-2017-5140

An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Password is stored in clear text.

9.8CVSS9.3AI score0.00419EPSS

CVE•added 2017/02/13 9:59 p.m.•35 views

CVE-2017-5143

An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user without authenticating can make a directory traversal attack by accessing a specific URL.

8.6CVSS8.8AI score0.03159EPSS

CVE•added 2017/02/13 9:59 p.m.•34 views

CVE-2017-5141

An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. An attacker can establish a new user session, without invalidating any existing session identifier, which gives the opportunity to steal authenticated sessions ...

6.5CVSS6.5AI score0.00453EPSS