Published: 31/03/2015 Updated: 06/04/2016

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Directory traversal vulnerability in the FTP server on Honeywell Excel Web XL1000C50 52 I/O, XL1000C100 104 I/O, XL1000C500 300 I/O, XL1000C1000 600 I/O, XL1000C50U 52 I/O UUKL, XL1000C100U 104 I/O UUKL, XL1000C500U 300 I/O UUKL, and XL1000C1000U 600 I/O UUKL controllers prior to 2.04.01 allows remote malicious users to read files under the web root, and consequently obtain administrative login access, via a crafted pathname.

Vulnerable Product	Search on Vulmon	Subscribe to Product
honeywell excel web xl 1000c50 52 i\\/o
honeywell excel web xl 1000c1000 600 i\\/o uukl
honeywell excel web xl 1000c500 300 i\\/o
honeywell excel web xl 1000c1000 600 i\\/o
honeywell excel web xl 1000c50u 52 i\\/o uukl
honeywell excel web xl 1000c100u 104 i\\/o uukl
honeywell excel web xl 1000c100 104 i\\/o
honeywell excel web xl 1000c500 300 i\\/o uukl

Honeywell XLWEB SCADA controller suffers from a remote path traversal vulnerability that allows for remote code execution ...

CWE-22 https://ics-cert.us-cert.gov/advisories/ICSA-15-076-02 http://seclists.org/fulldisclosure/2015/Apr/79 https://www.outpost24.com/hacking-industrial-control-systems-case-study-falcon/https://nvd.nist.gov https://packetstormsecurity.com/files/131596/Honeywell-XLWEB-SCADA-Path-Traversal.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2015-0984

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect