
CVE-2014-2717 – Honeywell Falcon Administrative Bypass
https://notcve.org/view.php?id=CVE-2014-2717
24 Jul 2014 — Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to bypass authentication and obtain administrative access by visiting the change-password page. • http://ics-cert.us-cert.gov/advisories/ICSA-14-175-01 •

CVE-2014-3110 – Honeywell XL Web Controller - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-3110
24 Jul 2014 — Multiple cross-site scripting (XSS) vulnerabilities on Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to inject arbitrary web script or HTML via invalid input. • https://packetstorm.news/files/id/147863 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •