Filtered by vendor Honeywell
Subscriptions
Filtered by product Xl Web Ii Controller
Subscriptions
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-5143 | 1 Honeywell | 1 Xl Web Ii Controller | 2024-11-21 | N/A |
| An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user without authenticating can make a directory traversal attack by accessing a specific URL. | ||||
| CVE-2017-5142 | 1 Honeywell | 1 Xl Web Ii Controller | 2024-11-21 | N/A |
| An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user with low privileges is able to open and change the parameters by accessing a specific URL because of Improper Privilege Management. | ||||
| CVE-2017-5141 | 1 Honeywell | 1 Xl Web Ii Controller | 2024-11-21 | N/A |
| An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. An attacker can establish a new user session, without invalidating any existing session identifier, which gives the opportunity to steal authenticated sessions (SESSION FIXATION). | ||||
| CVE-2017-5140 | 1 Honeywell | 1 Xl Web Ii Controller | 2024-11-21 | N/A |
| An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Password is stored in clear text. | ||||
| CVE-2017-5139 | 1 Honeywell | 1 Xl Web Ii Controller | 2024-11-21 | N/A |
| An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Any user is able to disclose a password by accessing a specific URL, because of Plaintext Storage of a Password. | ||||
Page 1 of 1.