CVE-2015-0984 — HIGH (10.0)

Q: How severe is CVE-2015-0984?

CVE-2015-0984 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-0984?

Check the references section above for vendor advisories and patch information. Affected products include: Honeywell Excel Web Xl 1000C100 104 I\/O, Honeywell Excel Web Xl 1000C1000 600 I\/O, Honeywell Excel Web Xl 1000C1000 600 I\/O Uukl, Honeywell Excel Web Xl 1000C100U 104 I\/O Uukl, Honeywell Excel Web Xl 1000C50 52 I\/O.

Vulnerability Description

Directory traversal vulnerability in the FTP server on Honeywell Excel Web XL1000C50 52 I/O, XL1000C100 104 I/O, XL1000C500 300 I/O, XL1000C1000 600 I/O, XL1000C50U 52 I/O UUKL, XL1000C100U 104 I/O UUKL, XL1000C500U 300 I/O UUKL, and XL1000C1000U 600 I/O UUKL controllers before 2.04.01 allows remote attackers to read files under the web root, and consequently obtain administrative login access, via a crafted pathname.

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Honeywell	Excel Web Xl 1000C100 104 I\/O	<= 2.04.00
Honeywell	Excel Web Xl 1000C1000 600 I\/O	<= 2.04.00
Honeywell	Excel Web Xl 1000C1000 600 I\/O Uukl	<= 2.04.00
Honeywell	Excel Web Xl 1000C100U 104 I\/O Uukl	<= 2.04.00
Honeywell	Excel Web Xl 1000C50 52 I\/O	<= 2.04.00
Honeywell	Excel Web Xl 1000C500 300 I\/O	<= 2.04.00
Honeywell	Excel Web Xl 1000C500 300 I\/O Uukl	<= 2.04.00
Honeywell	Excel Web Xl 1000C50U 52 I\/O Uukl	<= 2.04.00

Related Weaknesses (CWE)

CWE-22

References

http://seclists.org/fulldisclosure/2015/Apr/79
https://ics-cert.us-cert.gov/advisories/ICSA-15-076-02Third Party AdvisoryUS Government Resource
https://www.outpost24.com/hacking-industrial-control-systems-case-study-falcon/Exploit
http://seclists.org/fulldisclosure/2015/Apr/79
https://ics-cert.us-cert.gov/advisories/ICSA-15-076-02Third Party AdvisoryUS Government Resource
https://www.outpost24.com/hacking-industrial-control-systems-case-study-falcon/Exploit

FAQ

What is CVE-2015-0984?

CVE-2015-0984 is a vulnerability with a CVSS score of 10.0 (HIGH). Directory traversal vulnerability in the FTP server on Honeywell Excel Web XL1000C50 52 I/O, XL1000C100 104 I/O, XL1000C500 300 I/O, XL1000C1000 600 I/O, XL1000C50U 52 I/O UUKL, XL1000C100U 104 I/O UU...

How severe is CVE-2015-0984?

CVE-2015-0984 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-0984?

Check the references section above for vendor advisories and patch information. Affected products include: Honeywell Excel Web Xl 1000C100 104 I\/O, Honeywell Excel Web Xl 1000C1000 600 I\/O, Honeywell Excel Web Xl 1000C1000 600 I\/O Uukl, Honeywell Excel Web Xl 1000C100U 104 I\/O Uukl, Honeywell Excel Web Xl 1000C50 52 I\/O.