ICSA-17-033-01 · Published 2017-02-02 · View on CISA ICS-CERT ↗

Honeywell XL Web II Controller Vulnerabilities

CVSS 8.6 HIGH

Risk Summary

Independent researcher Maxim Rupp has identified vulnerabilities in Honeywell 's XL Web II controller application. Honeywell has produced a new version to mitigate these vulnerabilities.

CVEs (5)

CVE-2017-5139 CVE-2017-5140 CVE-2017-5141 CVE-2017-5142 CVE-2017-5143

Remediations

Honeywell has developed Version 3.04.05.05 to fix the vulnerabilities in the XL Web II controllers. Users are encouraged to contact the local Honeywell HBS branch to have their sites updated to the latest version.
In the Centraline partner channel, Excel Web controllers also have been sold under the brand name “FALCON.” Users can obtain the latest versions by contacting Centraline:

Affected Vendors

Honeywell

Affected Products (2)

Honeywell · XLWeb 500 XLWebExe <= 1-02-08

Honeywell · XL1000C500 XLWebExe <= 2-01-00

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more