Описание
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user without authenticating can make a directory traversal attack by accessing a specific URL.
Ссылки
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:o:honeywell:xl_web_ii_controller:xlwebexe-1-02-08:*:*:*:*:*:*:*
cpe:2.3:o:honeywell:xl_web_ii_controller:xlwebexe-2-01-00:*:*:*:*:*:*:*
cpe:2.3:h:honeywell:xl_web_ii_controller:-:*:*:*:*:*:*:*
EPSS
Процентиль: 87%
0.03159
Низкий
8.6 High
CVSS3
7.5 High
CVSS2
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 8.6
github
больше 3 лет назад
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user without authenticating can make a directory traversal attack by accessing a specific URL.
EPSS
Процентиль: 87%
0.03159
Низкий
8.6 High
CVSS3
7.5 High
CVSS2
Дефекты
CWE-22