IronMonkey Threat Research

CVE-2014-2717 HIGH

Published: 2014-07-24 | Last Modified: 2026-06-17 | Status: Modified

Description

Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to bypass authentication and obtain administrative access by visiting the change-password page.

Additional Descriptions (1)

Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to bypass authentication and obtain administrative access by visiting the change-password page.

CVSS Metrics

Base Score: 7.6 (HIGH)

AV:N/AC:H/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Source: [email protected]

Type: Primary

Exploitability Score: 4.9

Impact Score: 10.0

Weaknesses

Source Type Description
[email protected] Primary en NVD-CWE-Other

Affected Products

Vendor Product Version Update Type
honeywell falcon_xlweb_linux_controller * * Hardware
honeywell falcon_xlweb_xlwebexe * * Hardware

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:h:honeywell:falcon_xlweb_linux_controller:*:*:*:*:*:*:*:*
Yes cpe:2.3:h:honeywell:falcon_xlweb_xlwebexe:*:*:*:*:*:*:*:*
