CVE-2014-2717

Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to bypass authentication and obtain administrative access by visiting the change-password page.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.6 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 61%
VendorProductVersion
honeywellfalcon_xlweb_linux_controller
𝑥
≤ 2.04.01
honeywellfalcon_xlweb_xlwebexe
𝑥
≤ 2.02.11
𝑥
= Vulnerable software versions
References
http://ics-cert.us-cert.gov/advisories/ICSA-14-175-01
http://ics-cert.us-cert.gov/advisories/ICSA-14-175-01