Honeywell - Xl Web Ii Controller CVE

Filtered by vendor Honeywell Subscribe

Filtered by product Xl Web Ii Controller

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2017-5141	1 Honeywell	1 Xl Web Ii Controller	2017-02-17	6.5 MEDIUM	6.0 MEDIUM
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. An attacker can establish a new user session, without invalidating any existing session identifier, which gives the opportunity to steal authenticated sessions (SESSION FIXATION).

Vulnerabilities (CVE)