{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-23T01:29:44.457","vulnerabilities":[{"cve":{"id":"CVE-2017-5141","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:02.423","lastModified":"2026-06-17T01:20:02.257","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. An attacker can establish a new user session, without invalidating any existing session identifier, which gives the opportunity to steal authenticated sessions (SESSION FIXATION)."},{"lang":"es","value":"Ha sido descubierto un problema en el controlador XL1000C500 XLWebExe-2-01-00 de XLWebExe-2 y anteriores y XLWebExe-1-02-08 y anteriores de XLWebExe-1-02-08 de Honeywell XL Web. Un atacante puede establecer una nueva sesión de usuario, sin invalidar ningún identificador de sesión existente, lo que le da la oportunidad de robar sesiones autenticadas (REPARACIÓN DE SESIÓN)."}],"affected":[{"source":"ics-cert@hq.dhs.gov","affectedData":[{"vendor":"n/a","product":"Honeywell XL Web II Controller","versions":[{"version":"Honeywell XL Web II Controller","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.2,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-384"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:honeywell:xl_web_ii_controller:xlwebexe-1-02-08:*:*:*:*:*:*:*","matchCriteriaId":"6F06D365-A41E-45EE-8F93-035E1B8C2723"},{"vulnerable":true,"criteria":"cpe:2.3:o:honeywell:xl_web_ii_controller:xlwebexe-2-01-00:*:*:*:*:*:*:*","matchCriteriaId":"3B7544CA-319B-40A2-AD75-FF0159DF0DAA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:honeywell:xl_web_ii_controller:-:*:*:*:*:*:*:*","matchCriteriaId":"C7B6E447-DF91-45ED-86FD-921C6A4FCD21"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95971","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-033-01","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/95971","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-033-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}}]}