CVE-2014-2717 — HIGH (7.6) — White Hats Nepal

Q: How severe is CVE-2014-2717?

CVE-2014-2717 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-2717?

Check the references section above for vendor advisories and patch information. Affected products include: Honeywell Falcon Xlweb Linux Controller, Honeywell Falcon Xlweb Xlwebexe.

Vulnerability Description

Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to bypass authentication and obtain administrative access by visiting the change-password page.

CVSS Score

7.6

HIGH

AV:N/AC:H/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Honeywell	Falcon Xlweb Linux Controller	<= 2.04.01
Honeywell	Falcon Xlweb Xlwebexe	<= 2.02.11

References

http://ics-cert.us-cert.gov/advisories/ICSA-14-175-01Third Party AdvisoryUS Government Resource
http://ics-cert.us-cert.gov/advisories/ICSA-14-175-01Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2014-2717?

CVE-2014-2717 is a vulnerability with a CVSS score of 7.6 (HIGH). Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to bypass authentication and obtain administ...

How severe is CVE-2014-2717?

CVE-2014-2717 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-2717?

Check the references section above for vendor advisories and patch information. Affected products include: Honeywell Falcon Xlweb Linux Controller, Honeywell Falcon Xlweb Xlwebexe.