← Back to home
ICSA-15-076-02  ·  Published 2025-06-06  ·  View on CISA ICS-CERT ↗

Honeywell XL Web Controller Directory Traversal Vulnerability

CVSS 10.0 CRITICAL

CVEs (1)

Remediations

  • The update for this vulnerability is Excel Web Linux version 2.04.01 (March, 2014) or later plus the programming tool CARE version 10.02 (March 2014) or later
  • Customers are encouraged to contact their local Honeywell HBS branch to have their sites updated to the latest version
  • In the Centraline partner channel, Excel Web controllers also have been sold under the brand name “FALCON”
  • Centraline partners can directly access (http://www.centraline.com) and get these versions
  • Linux: (https://www.centraline.com/index.php?id=847&route=article/index&directory_id=140&direct_link=1)
  • CARE: (https://www.centraline.com/index.php?id=847&route=article/index&directory_id=138&direct_link=1)

Affected Vendors

Honeywell

Affected Products (5)

Honeywell · EXCEL WEB 52 I/O XL1000C50
Honeywell · EXCEL WEB 52 I/O XL1001C52
Honeywell · EXCEL WEB 52 I/O XL1002C54
Honeywell · EXCEL WEB 52 I/O XL1003C56
Honeywell · EXCEL WEB 52 I/O XL1004C58

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more