PatchSiren cyber security CVE debrief

CVE-2017-5141 Honeywell CVE debrief

CVE-2017-5141 affects Honeywell XL Web II controller software and is described as a session fixation issue. An attacker can establish a new user session without invalidating the existing session identifier, creating an opportunity to steal authenticated sessions. The CVE was published on 2017-02-13 and later modified in NVD on 2026-05-13.

Vendor: Honeywell
Product: CVE-2017-5141
CVSS: MEDIUM (6.0)
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-13
Original CVE updated: 2026-05-13
Advisory published: 2017-02-13
Advisory updated: 2026-05-13

Who should care

Operators, administrators, and security teams responsible for Honeywell XL Web II controller deployments, especially systems running XLWebExe-2-01-00 and prior on XL1000C500, or XLWebExe-1-02-08 and prior on XLWeb 500.

Technical summary

The vulnerability is categorized by NVD as CWE-384 (session fixation). According to the supplied NVD data, the affected software includes Honeywell XL Web II controller XL1000C500 running XLWebExe-2-01-00 and earlier, and XLWeb 500 running XLWebExe-1-02-08 and earlier. The reported behavior allows creation of a new user session without invalidating an existing session identifier, which can enable theft of authenticated sessions. NVD lists the CVSS v3.0 vector as AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L with a score of 6.0.

Defensive priority

Medium. This is an authenticated, network-reachable session-management issue that can expose or hijack active sessions, so it warrants prompt review in OT environments even though the CVSS score is moderate.

Recommended defensive actions

  • Identify all Honeywell XL Web II controller assets and verify whether they run an affected release: XLWebExe-2-01-00 or earlier on XL1000C500, or XLWebExe-1-02-08 or earlier on XLWeb 500.
  • Review the vendor and ICS-CERT advisory guidance for remediation or upgrade paths for affected controller software.
  • Limit network access to controller management interfaces to trusted administrative hosts and segments.
  • Audit session management behavior and administrative access controls for signs of abnormal session creation or reuse.
  • Monitor affected OT environments for suspicious authentication events and unexpected session activity.
  • If remediation is not immediately possible, apply compensating controls such as segmentation and strict administrative access restrictions.
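One way to carry out the session audit from the list above, as an added example that is not Honeywell's code or part of the advisory: a small Python audit over constructed access-log lines (the log format, field names, hosts and session ids are all assumptions) that flags a session identifier issued before authentication and still accepted after login, which is the CWE-384 pattern the technical summary describes, and an authenticated identifier used from more than one client.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (assumed format: ts ip sid=... user=... method path;
# user "-" means the request was not authenticated).
SAMPLE_LOG = """\
2017-02-13T10:00:01Z 10.0.0.5 sid=A1B2 user=- GET /login
2017-02-13T10:00:09Z 10.0.0.5 sid=A1B2 user=- POST /login
2017-02-13T10:00:12Z 10.0.0.5 sid=A1B2 user=admin GET /config
2017-02-13T10:01:00Z 10.0.0.9 sid=A1B2 user=admin GET /config
2017-02-13T10:05:00Z 10.0.0.7 sid=C3D4 user=- GET /login
2017-02-13T10:05:04Z 10.0.0.7 sid=C3D4 user=- POST /login
2017-02-13T10:05:10Z 10.0.0.7 sid=E5F6 user=operator GET /status
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) sid=(?P<sid>\S+) user=(?P<user>\S+) (?P<method>\S+) (?P<path>\S+)$"
)

def parse_log(text):
    """Parse log lines into dicts; malformed lines are skipped rather than aborting the audit."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]

def audit_sessions(events):
    """Return findings as (kind, sid, detail). session_not_rotated = an id seen before
    authentication is later accepted as an authenticated session (the CWE-384 pattern);
    session_shared_across_hosts = one authenticated id used from more than one client IP."""
    first_anon = {}                 # sid -> timestamp first seen unauthenticated
    auth_ips = defaultdict(set)     # sid -> client IPs that used it while authenticated
    findings, reported = [], set()
    for e in events:
        sid = e["sid"]
        if e["user"] == "-":
            first_anon.setdefault(sid, e["ts"])
            continue
        if sid in first_anon and sid not in reported:
            reported.add(sid)
            findings.append(("session_not_rotated", sid,
                             f"id issued before login at {first_anon[sid]} still valid as {e['user']}"))
        auth_ips[sid].add(e["ip"])
    for sid, ips in sorted(auth_ips.items()):
        if len(ips) > 1:
            findings.append(("session_shared_across_hosts", sid, "clients " + ", ".join(sorted(ips))))
    return findings

if __name__ == "__main__":
    for kind, sid, detail in audit_sessions(parse_log(SAMPLE_LOG)):
        print(f"{kind}: sid={sid} ({detail})")
```

In the constructed sample, session A1B2 is flagged on both counts, while the second client's identifier changes from C3D4 to E5F6 at login and produces no finding.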

Evidence notes

All factual claims are taken from the supplied NVD record and the referenced official advisory links. The vulnerability description, affected versions, CWE mapping, CVSS vector, and publication/modified dates come from the provided corpus. No exploit details or unsupported remediation claims are included.

Official resources

Publicly disclosed and published in NVD on 2017-02-13; NVD record last modified on 2026-05-13. No KEV listing was provided in the source corpus.