CVE-2015-0984: Path Traversal

First published: Tue Mar 31 2015(Updated: )

Directory traversal vulnerability in the FTP server on Honeywell Excel Web XL1000C50 52 I/O, XL1000C100 104 I/O, XL1000C500 300 I/O, XL1000C1000 600 I/O, XL1000C50U 52 I/O UUKL, XL1000C100U 104 I/O UUKL, XL1000C500U 300 I/O UUKL, and XL1000C1000U 600 I/O UUKL controllers before 2.04.01 allows remote attackers to read files under the web root, and consequently obtain administrative login access, via a crafted pathname.

Credit: ics-cert@hq.dhs.gov

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/nvd-index
• agent/type
• agent/softwarecombine
• collector/mitre-cve
• source/MITRE
• agent/weakness
• agent/references
• agent/severity
• agent/last-modified-date
• agent/author
• agent/tags
• agent/first-publish-date
• agent/event
• agent/description
• agent/source
• vendor/honeywell
• canonical/honeywell excel web xl 1000c100 104 i\/o
• version/honeywell excel web xl 1000c100 104 i\/o/2.04.00
• canonical/honeywell excel web xl 1000c1000 600 i\/o
• version/honeywell excel web xl 1000c1000 600 i\/o/2.04.00
• canonical/honeywell excel web xl 1000c1000 600 i\/o uukl
• version/honeywell excel web xl 1000c1000 600 i\/o uukl/2.04.00
• canonical/honeywell excel web xl 1000c100u 104 i\/o uukl
• version/honeywell excel web xl 1000c100u 104 i\/o uukl/2.04.00
• canonical/honeywell excel web xl 1000c50 52 i\/o
• version/honeywell excel web xl 1000c50 52 i\/o/2.04.00
• canonical/honeywell excel web xl 1000c500 300 i\/o
• version/honeywell excel web xl 1000c500 300 i\/o/2.04.00
• canonical/honeywell excel web xl 1000c500 300 i\/o uukl
• version/honeywell excel web xl 1000c500 300 i\/o uukl/2.04.00
• canonical/honeywell excel web xl 1000c50u 52 i\/o uukl
• version/honeywell excel web xl 1000c50u 52 i\/o uukl/2.04.00