CVE-2017-5142

Name of the Vulnerable Software and Affected Versions Honeywell XL Web II controller XL1000C500 versions XLWebExe-2-01-00 and prior Honeywell XLWeb 500 versions XLWebExe-1-02-08 and prior

Description The issue is related to improper privilege management, allowing a user with low privileges to modify parameters by accessing a specific URL.

Recommendations For Honeywell XL Web II controller XL1000C500 versions XLWebExe-2-01-00 and prior, update to a version later than XLWebExe-2-01-00 to resolve the issue. For Honeywell XLWeb 500 versions XLWebExe-1-02-08 and prior, update to a version later than XLWebExe-1-02-08 to resolve the issue. As a temporary workaround, consider restricting access to the specific URL that allows parameter modification until a patch is available.