PatchSiren

PatchSiren cyber security CVE debrief

CVE-2017-5139 Honeywell CVE debrief

CVE-2017-5139 is a critical Honeywell XL Web II controller issue in which a password can be disclosed by accessing a specific URL. NVD classifies the weakness as CWE-522 (insufficiently protected credentials) and assigns a CVSS 3.0 base score of 9.8, reflecting network reachability, no required privileges, no user interaction, and high impact to confidentiality, integrity, and availability. The affected products listed by NVD are XLWebExe-2-01-00 and prior for XL1000C500, and XLWebExe-1-02-08 and prior for XLWeb 500.

Vendor
Honeywell
Product
XL Web II controller (XL1000C500 XLWebExe-2-01-00 and prior; XLWeb 500 XLWebExe-1-02-08 and prior)
CVSS
CRITICAL 9.8
CISA KEV
Not listed in stored evidence
Original CVE published
2017-02-13
Original CVE updated
2026-05-13
Advisory published
2017-02-13
Advisory updated
2026-05-13

Who should care

OT/ICS operators, control-system administrators, plant security teams, and incident responders responsible for Honeywell XL Web II controller deployments should treat this as high priority, especially where the web interface is reachable from broader operational or enterprise networks.

Technical summary

NVD states that any user can disclose a password by accessing a specific URL, with the underlying weakness identified as insufficient protection of credentials (CWE-522). The NVD entry lists affected Honeywell XL Web II controller CPEs for XLWebExe-2-01-00 and prior (XL1000C500) and XLWebExe-1-02-08 and prior (XLWeb 500). The recorded CVSS vector is CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H: the request needs no credentials and no user interaction, so any host that can reach the web interface can retrieve the password.

Defensive priority

Immediate

Recommended defensive actions

  • Identify all Honeywell XL Web II controller deployments and confirm whether they run XLWebExe-2-01-00 or earlier (XL1000C500) or XLWebExe-1-02-08 or earlier (XLWeb 500). Treat controllers whose firmware version cannot be confirmed as affected until verified.
  • Apply Honeywell and ICS-CERT guidance from the referenced advisories, and move to a non-affected controller/software release if available.
  • Restrict network access to the controller web interface so only authorized management hosts can reach it.
  • Rotate any credentials that may have been exposed, including any accounts that share the same password elsewhere, and review web-interface access logs for requests to the URL named in the vendor advisory, particularly from hosts that are not authorized management stations.
  • Segment OT assets from enterprise networks and enforce least-privilege access to reduce the blast radius of credential disclosure.
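The first step above, checking an inventory against the two affected ranges, is easy to get wrong when version strings are compared as text or when an unknown product is silently treated as safe. The script below is an added example, not Honeywell or PatchSiren code: it parses XLWebExe-M-mm-pp version strings, compares them numerically against the NVD ceilings quoted on this page, and routes anything it cannot classify (unknown product label, unparseable version, or a version whose major number does not match the product line) to a manual-verification bucket. The inventory rows, hostnames and product labels are constructed for the example; the mapping of the 2-xx line to XL1000C500 and the 1-xx line to XLWeb 500 follows the NVD affected list.

```python
"""Triage Honeywell XL Web II controllers against the CVE-2017-5139 affected ranges.

Added example, not vendor code. Assumptions: inventory rows carry a product
label and a version string in the XLWebExe-M-mm-pp form; product labels
below are illustrative.
"""
import re
from dataclasses import dataclass

# Highest affected version per product line, taken from the NVD affected list.
# Keys are inventory product labels (assumed form).
AFFECTED_UP_TO = {
    "XL1000C500": (2, 1, 0),   # XLWebExe-2-01-00 and prior
    "XLWeb 500": (1, 2, 8),    # XLWebExe-1-02-08 and prior
}

VERSION_RE = re.compile(r"^XLWebExe-(\d+)-(\d+)-(\d+)$")


@dataclass
class Controller:
    host: str
    product: str
    version: str


def parse_version(version: str):
    """Return (major, minor, patch) as ints, or None if the string is not in the expected form."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def assess(ctl: Controller) -> str:
    """Classify a controller as 'affected', 'not affected', or 'verify'.

    'verify' is returned for unknown products, unparseable versions, and a
    version whose major number does not belong to the product's line, so
    that bad inventory data is never reported as safe.
    """
    ceiling = AFFECTED_UP_TO.get(ctl.product)
    parsed = parse_version(ctl.version)
    if ceiling is None or parsed is None:
        return "verify"
    if parsed[0] != ceiling[0]:
        return "verify"
    # Tuple comparison is element-wise numeric: (1, 2, 9) > (1, 2, 8),
    # which a plain string comparison would also get right here but would
    # break on e.g. "1-02-10" vs "1-02-8".
    return "affected" if parsed <= ceiling else "not affected"


def triage(inventory):
    """Group hostnames by assessment result."""
    out = {"affected": [], "not affected": [], "verify": []}
    for ctl in inventory:
        out[assess(ctl)].append(ctl.host)
    return out


# Constructed sample inventory; hostnames and values are illustrative.
SAMPLE_INVENTORY = [
    Controller("hvac-ctl-01", "XL1000C500", "XLWebExe-2-01-00"),
    Controller("hvac-ctl-02", "XL1000C500", "XLWebExe-2-01-01"),
    Controller("hvac-ctl-03", "XLWeb 500", "XLWebExe-1-02-08"),
    Controller("hvac-ctl-04", "XLWeb 500", "XLWebExe-1-02-09"),
    Controller("hvac-ctl-05", "XLWeb 500", "1.02.08"),          # different notation in inventory
    Controller("hvac-ctl-06", "XL500", "XLWebExe-1-01-00"),     # product label not in the mapping
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

The "verify" bucket is the point of the example: in OT inventories, version fields are often free text, and a check that returns "not affected" for anything it cannot parse will hide exactly the controllers most likely to be old.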

Evidence notes

All statements are based on the supplied NVD record, the CVE record link, and the referenced ICS-CERT / US-CERT advisory URLs. The NVD entry explicitly lists the affected Honeywell versions, the CWE-522 weakness, and the CVSS 3.0 base score of 9.8 with its vector. No exploit steps, no affected URL, and no remediation claims beyond the referenced advisories are included.

Official resources

The CVE was published on 2017-02-13 according to the supplied record. The source metadata also shows a later modification date of 2026-05-13; that is the date the record was last updated, not the disclosure date, and should not be read as the issue date.