VYPR

Xl Web Ii Controller

by Honeywell

CVEs (5)

  • CVE-2017-5140CriFeb 13, 2017
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Password is stored in clear text.

  • CVE-2017-5139CriFeb 13, 2017
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Any user is able to disclose a password by accessing a specific URL, because of Plaintext Storage of a Password.

  • CVE-2017-5142CriFeb 13, 2017
    risk 0.59cvss 9.1epss 0.01

    An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user with low privileges is able to open and change the parameters by accessing a specific URL because of Improper Privilege Management.

  • CVE-2017-5143HigFeb 13, 2017
    risk 0.56cvss 8.6epss 0.02

    An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user without authenticating can make a directory traversal attack by accessing a specific URL.

  • CVE-2017-5141MedFeb 13, 2017
    risk 0.39cvss 6.0epss 0.01

    An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. An attacker can establish a new user session, without invalidating any existing session identifier, which gives the opportunity to steal…