CVE-2017-5141

Name of the Vulnerable Software and Affected Versions Honeywell XL Web II controller XL1000C500 versions XLWebExe-2-01-00 and prior Honeywell XLWeb 500 versions XLWebExe-1-02-08 and prior

Description An issue allows an attacker to establish a new user session without invalidating any existing session identifier, giving the opportunity to steal authenticated sessions, also known as session fixation. This occurs when an attacker can fixate a session identifier on a client, allowing them to potentially hijack the session after the user has authenticated.

Recommendations For Honeywell XL Web II controller XL1000C500 versions XLWebExe-2-01-00 and prior, update to a version later than XLWebExe-2-01-00 to resolve the issue. For Honeywell XLWeb 500 versions XLWebExe-1-02-08 and prior, update to a version later than XLWebExe-1-02-08 to resolve the issue.