CVE-2014-3110

Honeywell Falcon Xlweb Linux Controller < 2.04.01 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities on Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to inject arbitrary web script or HTML via invalid input.

Exploits (1)

exploitdb WORKING POC

by t4rkd3vilz · textwebappslinux

https://www.exploit-db.com/exploits/44749

View Code ZIP pw:eip

References (3)

[Third Party Advisory, US Government Resource] http://ics-cert.us-cert.gov/advisories/ICSA-14-175-01

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/68838

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/44749/

Scores

EPSS 0.0243

EPSS Percentile 85.0%

Details

CWE

CWE-79

Status published

Products (3)

honeywell/falcon_xlweb_linux_controller < 2.04.01

honeywell/falcon_xlweb_xlwebexe < 2.02.11

n/a/n/a

Published Jul 24, 2014

Tracked Since Feb 18, 2026