ID CVE-2014-2717
Summary Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to bypass authentication and obtain administrative access by visiting the change-password page. CWE-552: Files or Directories Accessible to External Parties (http://cwe.mitre.org/data/definitions/552.html)
References
Vulnerable Configurations
  • cpe:2.3:h:honeywell:falcon_xlweb_linux_controller:2.04.01:*:*:*:*:*:*:*
  • cpe:2.3:h:honeywell:falcon_xlweb_xlwebexe:2.02.11:*:*:*:*:*:*:*
CVSS
Base: 7.6 (as of 25-07-2014 - 13:52)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: HIGH
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
cvss-vector via4 AV:N/AC:H/Au:N/C:C/I:C/A:C
refmap via4
misc http://ics-cert.us-cert.gov/advisories/ICSA-14-175-01
Last major update 25-07-2014 - 13:52
Published 24-07-2014 - 14:55
Last modified 25-07-2014 - 13:52