Honeywell XL Web Multiple Vulnerabilities
Information
Severity
Family
CVSSv2 Base
CVSSv2 Vector
Solution Type
Created
Modified
Summary
Honeywell XL Web is prone to multiple vulnerabilities.
Insight
Honeywell XL Web is prone to multiple vulnerabilities:
- Any user is able to disclose a password by accessing a specific URL. (CVE-2017-5139)
- Password is stored in clear text. (CVE-2017-5140)
- An attacker can establish a new user session, without invalidating any existing session identifier, which gives the opportunity to steal authenticated sessions. (CVE-2017-5141)
- A user with low privileges is able to open and change the parameters by accessing a specific URL. (CVE-2017-5142)
- A user without authenticating can make a directory traversal attack by accessing a specific URL. (CVE-2017-5143)
Affected Software
XL1000C500 XLWebExe-2-01-00 and prior and XLWeb 500 XLWebExe-1-02-08 and prior.
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Users are encouraged to contact the local Honeywell HBS branch to have their sites updated to the latest version.