CVE-2014-2717
Published: 2014-07-24
Priority P3 · 50 · high · 7.6 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
EPSS: 3.74% (88.5th percentile)
Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to bypass authentication and obtain administrative access by visiting the change-password page.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| honeywell | falcon_xlweb_linux_controller | <= 2.04.01 | — |
| honeywell | falcon_xlweb_xlwebexe | <= 2.02.11 | — |
GHSA
GHSA-9428-xwc8-946m: Honeywell FALCON XLWeb Linux controller devices 2
ghsa_unreviewed·2022-05-17
CISA ICS
Honeywell FALCON XLWeb Controllers Vulnerabilities
cisa_ics·2018-09-06
ICS Advisory
Last Revised: September 06, 2018
Alert Code: ICSA-14-175-01
## OVERVIEW
This advisory was originally posted to the US-CERT secure Portal library on June 24, 2014, and is being released to the NCCIC/ICS-CERT web site.
Martin Jartelius of Outpost24 has identified an authentication bypass vulnerability in Honeywell FALCON XLWeb controllers. Juan Francisco Bolivar has identified cross-site scripting vulnerabilities in Honeywell FALCON XLWeb controllers. Honeywell has produced an update that mitigates both vulnerabilities. Mr. Jartelius
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.