Vulnerabilities for 'Xl web ii controller'

2017-02-13
 
CVE-2017-5143

 

 
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. An unauthenticated user can carry out a directory traversal attack by accessing a specific URL.

 
 
CVE-2017-5142

 

 
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user with low privileges is able to open and change the parameters by accessing a specific URL because of Improper Privilege Management.

 
 
CVE-2017-5141

 

 
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. An attacker can establish a new user session, without invalidating any existing session identifier, which gives the opportunity to steal authenticated sessions (SESSION FIXATION).

 
 
CVE-2017-5140

 

 
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. The password is stored in clear text.

 
 
CVE-2017-5139

 

 
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Any user is able to disclose a password by accessing a specific URL, because of Plaintext Storage of a Password.

 

Vendor: Honeywell (50 products)
Ademco atnbaseloader100 module
Scanserver activex control
Comfortpoint open manager station
Enterprise buildings integrator
Symmetre
Falcon xlweb linux controller
Falcon xlweb xlwebexe
Opos suite
Excel web xl 1000c1000 600 i/o
Excel web xl 1000c1000 600 i/o uukl
Excel web xl 1000c100 104 i/o
Excel web xl 1000c100u 104 i/o uukl
Excel web xl 1000c500 300 i/o
Excel web xl 1000c500 300 i/o uukl
Excel web xl 1000c50 52 i/o
Excel web xl 1000c50u 52 i/o uukl
Tuxedo touch
Midas black firmware
Midas firmware
Uniformance process history database
Xl web ii controller
Experion process knowledge system
Intermec pm23 firmware
Intermec pc42 firmware
Intermec pc23 firmware
Intermec pm43 firmware
Intermec pc43 firmware
Intermec pd43 firmware
Intermec pm42 firmware
Maxpro nvr pe firmware
Maxpro nvr se firmware
Enterprise dvr firmware
Maxpro nvr xe firmware
Maxpro nvr hybrid se firmware
Maxpro nvr hybrid xe firmware
Fusion iv rev c firmware
CK75
CN51
CN75
Cn75e
CN80
CT40
CT50
CT60
D75E
Eda50
Eda50k
Eda51
Eda60k
Eda70


Copyright 2019, cxsecurity.com

 
