Honeywell XL Web Multiple Vulnerabilities (CVE-2017-5139, CVE-2017-5140, CVE-2017-5141, CVE-2017-5142, CVE-2017-5143)
- CVSSv3 Score
- Vulnerability description
Honeywell XL Web is prone to multiple vulnerabilities.
- Risk description
Honeywell XL Web is prone to multiple vulnerabilities:
  - Any user is able to disclose a password by accessing a specific URL. (CVE-2017-5139)
  - The password is stored in clear text. (CVE-2017-5140)
  - An attacker can establish a new user session without invalidating any existing session identifier, which gives the opportunity to steal authenticated sessions. (CVE-2017-5141)
  - A user with low privileges is able to open and change the parameters by accessing a specific URL. (CVE-2017-5142)
  - An unauthenticated user can perform a directory traversal attack by accessing a specific URL. (CVE-2017-5143)

An unauthenticated attacker may obtain a password and take complete control over the device.
Users are encouraged to contact the local Honeywell HBS branch to have their sites updated to the latest version.
- Not available