Описание
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. An attacker can establish a new user session, without invalidating any existing session identifier, which gives the opportunity to steal authenticated sessions (SESSION FIXATION).
Ссылки
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:o:honeywell:xl_web_ii_controller:xlwebexe-1-02-08:*:*:*:*:*:*:*
cpe:2.3:o:honeywell:xl_web_ii_controller:xlwebexe-2-01-00:*:*:*:*:*:*:*
cpe:2.3:h:honeywell:xl_web_ii_controller:-:*:*:*:*:*:*:*
EPSS
Процентиль: 63%
0.00453
Низкий
6 Medium
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-384
Связанные уязвимости
CVSS3: 6
github
больше 3 лет назад
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. An attacker can establish a new user session, without invalidating any existing session identifier, which gives the opportunity to steal authenticated sessions (SESSION FIXATION).
EPSS
Процентиль: 63%
0.00453
Низкий
6 Medium
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-384