CVE-2015-0984

Published: Mar 31, 2015Modified: May 6, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Directory traversal vulnerability in the FTP server on Honeywell Excel Web XL1000C50 52 I/O, XL1000C100 104 I/O, XL1000C500 300 I/O, XL1000C1000 600 I/O, XL1000C50U 52 I/O UUKL, XL1000C100U 104 I/O UUKL, XL1000C500U 300 I/O UUKL, and XL1000C1000U 600 I/O UUKL controllers before 2.04.01 allows remote attackers to read files under the web root, and consequently obtain administrative login access, via a crafted pathname.

Affected (8)

Products: Honeywell: Excel Web Xl 1000c1000 600 I/o, Excel Web Xl 1000c1000 600 I/o Uukl, Excel Web Xl 1000c100 104 I/o, Excel Web Xl 1000c100u 104 I/o Uukl, Excel Web Xl 1000c500 300 I/o, Excel Web Xl 1000c500 300 I/o Uukl, Excel Web Xl 1000c50 52 I/o, Excel Web Xl 1000c50u 52 I/o Uukl

Honeywell

8 products

Excel Web Xl 1000c1000 600 I/o

Excel Web Xl 1000c1000 600 I/o Uukl

Excel Web Xl 1000c100 104 I/o

Excel Web Xl 1000c100u 104 I/o Uukl

Excel Web Xl 1000c500 300 I/o

Excel Web Xl 1000c500 300 I/o Uukl

Excel Web Xl 1000c50 52 I/o

Excel Web Xl 1000c50u 52 I/o Uukl

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Honeywell Excel Web Xl 1000c1000 600 I/o	Up to 2.04.00
Honeywell Excel Web Xl 1000c1000 600 I/o Uukl	Up to 2.04.00
Honeywell Excel Web Xl 1000c100 104 I/o	Up to 2.04.00
Honeywell Excel Web Xl 1000c100u 104 I/o Uukl	Up to 2.04.00
Honeywell Excel Web Xl 1000c500 300 I/o	Up to 2.04.00
Honeywell Excel Web Xl 1000c500 300 I/o Uukl	Up to 2.04.00
Honeywell Excel Web Xl 1000c50 52 I/o	Up to 2.04.00
Honeywell Excel Web Xl 1000c50u 52 I/o Uukl	Up to 2.04.00