Vulnerabilities > Honeywell > XL WEB II Controller

DATE CVE VULNERABILITY TITLE RISK
2017-02-13 CVE-2017-5143 Path Traversal vulnerability in Honeywell XL web II Controller Xlwebexe10208/Xlwebexe20100
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior.
network
low complexity
honeywell CWE-22
8.6
8.6
2017-02-13 CVE-2017-5142 Improper Privilege Management vulnerability in Honeywell XL web II Controller Xlwebexe10208/Xlwebexe20100
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior.
network
low complexity
honeywell CWE-269
critical
 9.1
9.1
2017-02-13 CVE-2017-5141 Session Fixation vulnerability in Honeywell XL web II Controller Xlwebexe10208/Xlwebexe20100
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior.
network
low complexity
honeywell CWE-384
6.0
6.0
2017-02-13 CVE-2017-5140 Insufficiently Protected Credentials vulnerability in Honeywell XL web II Controller Xlwebexe10208/Xlwebexe20100
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior.
network
low complexity
honeywell CWE-522
critical
 9.8
9.8
2017-02-13 CVE-2017-5139 Insufficiently Protected Credentials vulnerability in Honeywell XL web II Controller Xlwebexe10208/Xlwebexe20100
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior.
network
low complexity
honeywell CWE-522
critical
 9.8
9.8