| Max CVSS | 7.5 | Min CVSS | 5.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2017-5139 | 5.0 |
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Any user is able to disclose a password by accessing a specific URL, because of Plaintext Storage of a Password
|
03-10-2019 - 00:03 | 13-02-2017 - 21:59 | |
| CVE-2017-5140 | 5.0 |
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Password is stored in clear text.
|
03-10-2019 - 00:03 | 13-02-2017 - 21:59 | |
| CVE-2017-5142 | 6.5 |
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user with low privileges is able to open and change the parameters by accessing a specific URL because of Imp
|
03-10-2019 - 00:03 | 13-02-2017 - 21:59 | |
| CVE-2017-5141 | 6.5 |
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. An attacker can establish a new user session, without invalidating any existing session identifier, which gives
|
17-02-2017 - 13:13 | 13-02-2017 - 21:59 | |
| CVE-2017-5143 | 7.5 |
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user without authenticating can make a directory traversal attack by accessing a specific URL.
|
16-02-2017 - 16:33 | 13-02-2017 - 21:59 |