PT-2015-3091 · Honeywell · Honeywell Excel Web Xl1000C500+3

Martin Jartelius · Published 2015-03-31 · Updated 2016-04-06 · CVE-2015-0984

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Honeywell Excel Web XL1000C50 52 I/O, versions prior to 2.04.01
Honeywell Excel Web XL1000C100 104 I/O, versions prior to 2.04.01
Honeywell Excel Web XL1000C500 300 I/O, versions prior to 2.04.01
Honeywell Excel Web XL1000C1000 600 I/O, versions prior to 2.04.01
Honeywell Excel Web XL1000C50U 52 I/O UUKL, versions prior to 2.04.01
Honeywell Excel Web XL1000C100U 104 I/O UUKL, versions prior to 2.04.01
Honeywell Excel Web XL1000C500U 300 I/O UUKL, versions prior to 2.04.01
Honeywell Excel Web XL1000C1000U 600 I/O UUKL, versions prior to 2.04.01
Description

The issue exists because the controller's FTP server does not sufficiently restrict the directory path name supplied by the client (path traversal). A remote attacker, without authentication, can use a crafted pathname to read files under the web root and, from their contents, obtain administrative login access to the controller.
Recommendations

For versions prior to 2.04.01, update to version 2.04.01 or later, which resolves the issue. Where the update cannot be applied immediately, restrict network access to the controller's FTP service to trusted management hosts only, since the traversal is reachable without credentials. Review FTP transfer logs for requested pathnames containing ".." sequences, which indicate attempts to leave the served directory.
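The weakness class described above, as an added illustration rather than code from the advisory or from any Honeywell product: a file server that maps client-supplied path names onto a served root, shown in the vulnerable form (concatenate and normalise) beside the confined form (normalise, then verify the result stays under the root), plus a check that replays FTP RETR log lines through the confined resolver, which is one way to act on the log-review recommendation. The root directory, the function names and the log lines are constructed assumptions.

```python
import posixpath

# Constructed sample root, the directory the server intends to expose.
# Hypothetical value; not taken from the advisory or from any Honeywell device.
FTP_ROOT = "/srv/ftp"


class PathTraversal(ValueError):
    """Raised when a client-supplied path would leave the served root."""


def resolve_unsafe(root, client_path):
    """Vulnerable pattern: glue the client path onto the root and normalise.
    '..' segments are honoured, so the result can point anywhere on disk."""
    return posixpath.normpath(root + "/" + client_path)


def resolve_safe(root, client_path):
    """Hardened pattern: normalise, then confine the result to the root.
    The check is purely lexical; on a real filesystem also pass the result
    through os.path.realpath so a symlink inside the root cannot escape it."""
    if "\0" in client_path:
        raise PathTraversal("embedded NUL in %r" % client_path)
    root = posixpath.normpath(root)
    # A leading '/' is treated as relative to the FTP root, as a chrooted
    # server would, rather than as an absolute filesystem path.
    candidate = posixpath.normpath(posixpath.join(root, client_path.lstrip("/")))
    # The trailing '/' matters: '/srv/ftpx/a' must not pass as under '/srv/ftp'.
    if candidate != root and not candidate.startswith(root + "/"):
        raise PathTraversal("%r escapes %s" % (client_path, root))
    return candidate


def is_confined(root, client_path):
    """True if the client path resolves to a location inside the root."""
    try:
        resolve_safe(root, client_path)
    except PathTraversal:
        return False
    return True


def check_retr_log(lines, root=FTP_ROOT):
    """Replay RETR commands from FTP log lines through the confined resolver
    and return the requested paths that would have escaped the root."""
    findings = []
    for line in lines:
        if not line.startswith("RETR "):
            continue
        requested = line[len("RETR "):].strip()
        if not is_confined(root, requested):
            findings.append(requested)
    return findings


# Constructed sample log lines, not captured from any device.
SAMPLE_LOG = [
    "RETR index.html",
    "RETR ../../etc/passwd",
    "RETR /pub/readme.txt",
    "RETR sub/../../secret",
    "LIST /",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        if line.startswith("RETR "):
            requested = line[len("RETR "):]
            print("%-22s unsafe=%-28s confined=%s" % (
                requested, resolve_unsafe(FTP_ROOT, requested),
                is_confined(FTP_ROOT, requested)))
    print("traversal attempts:", check_retr_log(SAMPLE_LOG))
```

The prefix check compares against `root + "/"` rather than `root` alone; comparing against the bare root would accept a sibling directory whose name merely begins with the root's name.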

Weakness Enumeration

Path traversal (CWE-22)

Related Identifiers

BDU:2016-00296
CVE-2015-0984

Affected Products

Honeywell Excel Web XL1000C100
Honeywell Excel Web XL1000C1000
Honeywell Excel Web XL1000C50
Honeywell Excel Web XL1000C500