Vulnerabilities (CVE)

Filtered by vendor Honeywell Subscribe
Filtered by product Xl Web Ii Controller
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-5142 1 Honeywell 1 Xl Web Ii Controller 2024-02-04 6.5 MEDIUM 9.1 CRITICAL
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user with low privileges is able to open and change the parameters by accessing a specific URL because of Improper Privilege Management.
CVE-2017-5143 1 Honeywell 1 Xl Web Ii Controller 2024-02-04 7.5 HIGH 8.6 HIGH
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user without authenticating can make a directory traversal attack by accessing a specific URL.
CVE-2017-5139 1 Honeywell 1 Xl Web Ii Controller 2024-02-04 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Any user is able to disclose a password by accessing a specific URL, because of Plaintext Storage of a Password.
CVE-2017-5141 1 Honeywell 1 Xl Web Ii Controller 2024-02-04 6.5 MEDIUM 6.0 MEDIUM
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. An attacker can establish a new user session, without invalidating any existing session identifier, which gives the opportunity to steal authenticated sessions (SESSION FIXATION).
CVE-2017-5140 1 Honeywell 1 Xl Web Ii Controller 2024-02-04 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Password is stored in clear text.