[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"all-banners":3,"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0":4,"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU":11,"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU":17,"vulnerability-6992":24},[],["Island",5],{"key":6,"params":7,"result":9},"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0",{"props":8},"{}",{"head":10},{},["Island",12],{"key":13,"params":14,"result":15},"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU",{"props":8},{"head":16},{},["Island",18],{"key":19,"params":20,"result":22},"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU",{"props":21},"{\"text-color\":\"gray\"}",{"head":23},{},{"id":25,"detectable_with":26,"vuln_details":33,"vuln_id":51,"name":52,"published":53,"updated":34},6992,{"tool":27,"engine":30},{"id":28,"name":29},1,"Network Scanner",{"id":31,"name":32},3,"OpenVAS",{"id":25,"codename":34,"description":34,"severity":35,"risk_description":36,"public_description":37,"public_recommendation":38,"recommendation":34,"references":39,"cvssv3":41,"epss_score":42,"epss_percentile":43,"cve":44,"in_cisa_catalog":50,"date":34,"software_type":34,"vendor":34,"product":34,"ptt_exploit_capabilities":34},null,"high","Honeywell XL Web is prone to multiple vulnerabilities: - Any user is able to disclose a password by accessing a specific URL. (CVE-2017-5139) - Password is stored in clear text (CVE-2017-5140) - An attacker can establish a new user session, without invalidating any existing session identifier, which gives the opportunity to steal authenticated sessions. (CVE-2017-5141) - A user with low privileges is able to open and change the parameters by accessing a specific URL. (CVE-2017-5142) - A user without authenticating can make a directory traversal attack by accessing a specific URL. (CVE-2017-5143) An unauthenticated attacker may obtain a password and take complete control over the device.","Honeywell XL Web is prone to multiple vulnerabilities.","Users are encouraged to contact the local Honeywell HBS branch to have their sites updated to the latest version.",[40],"https://ics-cert.us-cert.gov/advisories/ICSA-17-033-01",8.6,0.03159,0.86888,[45,46,47,48,49],"CVE-2017-5139","CVE-2017-5140","CVE-2017-5141","CVE-2017-5142","CVE-2017-5143",false,"NETSCAN-OPENVAS-1.3.6.1.4.1.25623.1.0.106561","Honeywell XL Web Multiple Vulnerabilities","2018-01-02T00:00:00Z"]