CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-5139
https://notcve.org/view.php?id=CVE-2017-5139
13 Feb 2017 — An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Any user is able to disclose a password by accessing a specific URL, because of Plaintext Storage of a Password. Ha sido descubierto un problema en el controlador XL1000C500 XLWebExe-2-01-00 de XLWebExe-2 y anteriores y XLWebExe-1-02-08 y anteriores de XLWebExe-1-02-08 de Honeywell XL Web II. Cualquier usuario puede revelar una contraseña accediendo a una URL específica,... • http://www.securityfocus.com/bid/95971 • CWE-522: Insufficiently Protected Credentials •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-5140
https://notcve.org/view.php?id=CVE-2017-5140
13 Feb 2017 — An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Password is stored in clear text. Ha sido descubierto un problema en el controlador XL1000C500 XLWebExe-2-01-00 de XLWebExe-2 y anteriores y XLWebExe-1-02-08 y anteriores de XLWebExe-1-02-08 de Honeywell XL Web. La contraseña se almacena en texto plano. • http://www.securityfocus.com/bid/95971 • CWE-522: Insufficiently Protected Credentials •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-5141
https://notcve.org/view.php?id=CVE-2017-5141
13 Feb 2017 — An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. An attacker can establish a new user session, without invalidating any existing session identifier, which gives the opportunity to steal authenticated sessions (SESSION FIXATION). Ha sido descubierto un problema en el controlador XL1000C500 XLWebExe-2-01-00 de XLWebExe-2 y anteriores y XLWebExe-1-02-08 y anteriores de XLWebExe-1-02-08 de Honeywell XL Web. Un atacante pue... • http://www.securityfocus.com/bid/95971 • CWE-384: Session Fixation •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2017-5142
https://notcve.org/view.php?id=CVE-2017-5142
13 Feb 2017 — An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user with low privileges is able to open and change the parameters by accessing a specific URL because of Improper Privilege Management. Ha sido descubierto un problema en el controlador XL1000C500 XLWebExe-2-01-00 de XLWebExe-2 y anteriores y XLWebExe-1-02-08 y anteriores de XLWebExe-1-02-08 de Honeywell XL Web. Un usuario con privilegios bajos puede abrir y cambiar l... • http://www.securityfocus.com/bid/95971 • CWE-269: Improper Privilege Management •
CVSS: 8.6EPSS: 3%CPEs: 3EXPL: 0CVE-2017-5143
https://notcve.org/view.php?id=CVE-2017-5143
13 Feb 2017 — An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user without authenticating can make a directory traversal attack by accessing a specific URL. Ha sido descubierto un problema en el controlador XL1000C500 XLWebExe-2-01-00 de XLWebExe-2 y anteriores y XLWebExe-1-02-08 y anteriores de XLWebExe-1-02-08 de Honeywell XL Web. Un usuario sin autenticación puede realizar un ataque de desplazamiento de directorios accediendo ... • http://www.securityfocus.com/bid/95971 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •