Cross-Site Scripting Vulnerabilities in Honeywell FALCON XLWeb Devices
CVE-2014-3110

Currently unrated

Key Information:

Vendor: Honeywell
Status: Falcon Xlweb Linux Controller; Falcon Xlweb Xlwebexe
Vendor: CVE Published:; 24 July 2014

What is CVE-2014-3110?

Honeywell FALCON XLWeb devices have multiple cross-site scripting vulnerabilities that could allow remote attackers to inject arbitrary web scripts or HTML through invalid input. This issue affects specific versions of the FALCON XLWeb Linux and XLWebExe controller devices, leading to potential unauthorized actions or information disclosure if exploited.

References

http://ics-cert.us-cert.gov/advisories/ICSA-14-175-01

x_refsource_MISC

https://www.exploit-db.com/exploits/44749/

exploitx_refsource_EXPLOIT-DB

http://www.securityfocus.com/bid/68838

vdb-entryx_refsource_BID

EPSS Score

13% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 24, 2014
Vulnerability Reserved
Apr 29, 2014