Authentication Bypass Vulnerability in Honeywell FALCON XLWeb Devices
CVE-2014-2717

Currently unrated

Key Information:

Vendor: Honeywell
Status: Falcon Xlweb Linux Controller; Falcon Xlweb Xlwebexe
Vendor: CVE Published:; 24 July 2014

What is CVE-2014-2717?

Certain Honeywell FALCON XLWeb devices allow remote attackers to bypass authentication mechanisms by navigating to the change-password page. This flaw enables unauthorized individuals to obtain administrative access, posing a significant risk to the security of industrial control systems. Affected devices include specific versions of the FALCON XLWeb Linux controller and XLWebExe controller, highlighting the need for prompt updates and mitigations.

References

http://ics-cert.us-cert.gov/advisories/ICSA-14-175-01

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 24, 2014
Vulnerability Reserved
Apr 1, 2014