CVE-2014-2717

EUVD-2014-2745
Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to bypass authentication and obtain administrative access by visiting the change-password page.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.6 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 61%
Affected Products (NVD)
VendorProductVersion
honeywellfalcon_xlweb_linux_controller
𝑥
≤ 2.04.01
honeywellfalcon_xlweb_xlwebexe
𝑥
≤ 2.02.11
𝑥
= Vulnerable software versions
References
http://ics-cert.us-cert.gov/advisories/ICSA-14-175-01
http://ics-cert.us-cert.gov/advisories/ICSA-14-175-01