Honeywell FALCON XL Web Controller Multiple Vulnerabilities
High Nessus Plugin ID 77375
SynopsisThe remote host is affected by multiple vulnerabilities.
DescriptionThe remote host is a Honeywell FALCON XL Web SCADA controller that is running a firmware version affected by the following vulnerabilities :
- The change password page can be accessed without authentication to determine users' password hashes, which can allow a remote attacker to gain administrative access. (CVE-2014-2717)
- The web server on the device is affected by multiple cross-site scripting vulnerabilities. (CVE-2014-3110)
SolutionContact the vendor for the latest available updates.