Test ID:	1.3.6.1.4.1.25623.1.0.805540
Category:	FTP
Title:	Honeywell Falcon XL Web Controller Directory Traversal Vulnerability - Active Check
Summary:	Honeywell Falcon XL Web Controller is prone to a directory traversal vulnerability.
Description:	Summary: Honeywell Falcon XL Web Controller is prone to a directory traversal vulnerability. Vulnerability Insight: Flaw exists due to the FTP server not properly sanitizing user input, specifically path traversal style attacks. Vulnerability Impact: Successful exploitation will allow remote attackers to read arbitrary files on the target system. Affected Software/OS: XL1000C50-EXCEL WEB 52 I/O before 2.04.01 XL1000C100-EXCEL WEB 104 I/O before 2.04.01 XL1000C500-EXCEL WEB 300 I/O before 2.04.01 XL1000C1000-EXCEL WEB 600 I/O before 2.04.01 XL1000C50U-EXCEL WEB 52 I/O UUKL before 2.04.01 XL1000C100U-EXCEL WEB 104 I/O UUKL before 2.04.01 XL1000C500U-EXCEL WEB 300 I/O UUKL before 2.04.01 XL1000C1000U-EXCEL WEB 600 I/O UUKL before 2.04.01 Solution: Upgrade to EXCEL WEB to version 2.04.01 or later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-0984 http://seclists.org/fulldisclosure/2015/Apr/79 https://ics-cert.us-cert.gov/advisories/ICSA-15-076-02 https://www.outpost24.com/hacking-industrial-control-systems-case-study-falcon/
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.