
Honeywell XL Web Multiple Vulnerabilities (CVE-2017-5139, CVE-2017-5140, CVE-2017-5141, CVE-2017-5142, CVE-2017-5143)

CVSSv3 Score
Vulnerability description

Honeywell XL Web is prone to multiple vulnerabilities.

Risk description

Honeywell XL Web is prone to multiple vulnerabilities:

- Any user is able to disclose a password by accessing a specific URL. (CVE-2017-5139)
- The password is stored in clear text. (CVE-2017-5140)
- An attacker can establish a new user session without invalidating any existing session identifier, which gives the opportunity to steal authenticated sessions. (CVE-2017-5141)
- A user with low privileges is able to open and change the parameters by accessing a specific URL. (CVE-2017-5142)
- An unauthenticated user can carry out a directory traversal attack by accessing a specific URL. (CVE-2017-5143)

An unauthenticated attacker may obtain a password and take complete control over the device.


Users are encouraged to contact the local Honeywell HBS branch to have their sites updated to the latest version.

Not available
Detectable with
Network Scanner
Scan engine
Exploitable with Sniper
CVE Published
Feb 13, 2017
Detection added at
Software Type
Not available
Not available
Not available