CVE-2014-2717 : Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON X

Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to bypass authentication and obtain administrative access by visiting the change-password page.

Published 2014-07-24 14:55:07

Updated 2025-04-12 10:46:41

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2014-2717

Honeywell » Falcon Xlweb Linux Controller
Versions up to, including, (<=) 2.04.01
cpe:2.3:h:honeywell:falcon_xlweb_linux_controller:*:*:*:*:*:*:*:*
Matching versions
Honeywell » Falcon Xlweb Xlwebexe
Versions up to, including, (<=) 2.02.11
cpe:2.3:h:honeywell:falcon_xlweb_xlwebexe:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2014-2717

EPSS FAQ

0.54%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 65 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-2717

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.6	HIGH	AV:N/AC:H/Au:N/C:C/I:C/A:C	4.9	10.0	NIST
Access Vector: Network Access Complexity: High Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2014-2717

http://ics-cert.us-cert.gov/advisories/ICSA-14-175-01

Honeywell FALCON XLWeb Controllers Vulnerabilities | CISA
Third Party Advisory;US Government Resource

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2014-2717

Products affected by CVE-2014-2717

Exploit prediction scoring system (EPSS) score for CVE-2014-2717

CVSS scores for CVE-2014-2717

References for CVE-2014-2717