
Honeywell XL Web Multiple Vulnerabilities (CVE-2017-5139, CVE-2017-5140, CVE-2017-5141, CVE-2017-5142, CVE-2017-5143)

Severity
CVSSv3 Score: 8.6
Vulnerability description

Honeywell XL Web is prone to multiple vulnerabilities.

Risk description

Honeywell XL Web is prone to multiple vulnerabilities:

- Any user is able to disclose a password by accessing a specific URL. (CVE-2017-5139)
- The password is stored in clear text. (CVE-2017-5140)
- An attacker can establish a new user session without invalidating any existing session identifier, which gives the opportunity to steal authenticated sessions. (CVE-2017-5141)
- A user with low privileges is able to open and change the parameters by accessing a specific URL. (CVE-2017-5142)
- An unauthenticated user can perform a directory traversal attack by accessing a specific URL. (CVE-2017-5143)

An unauthenticated attacker may obtain a password and take complete control over the device.

Recommendation

Users are encouraged to contact the local Honeywell HBS branch to have their sites updated to the latest version.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Feb 13, 2017
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available