CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-5143

An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user without authenticating can make a directory traversal attack by accessing a specific URL.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.032

EPSS Ranking 86.2%

CVSS Severity

CVSS v3 Score 8.6

CVSS v2 Score 7.5

References

http://www.securityfocus.com/bid/95971
https://ics-cert.us-cert.gov/advisories/ICSA-17-033-01
http://www.securityfocus.com/bid/95971
https://ics-cert.us-cert.gov/advisories/ICSA-17-033-01

Products affected by CVE-2017-5143

Honeywell » Xl Web Ii Controller » Version: N/A

cpe:2.3:h:honeywell:xl_web_ii_controller:-
Honeywell » Xl Web Ii Controller » Version: xlwebexe-1-02-08

cpe:2.3:o:honeywell:xl_web_ii_controller:xlwebexe-1-02-08
Honeywell » Xl Web Ii Controller » Version: xlwebexe-2-01-00

cpe:2.3:o:honeywell:xl_web_ii_controller:xlwebexe-2-01-00

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-5143

Products

Pricing

Contact Us