PatchSiren

PatchSiren cyber security CVE debrief

CVE-2017-5142 Honeywell CVE debrief

CVE-2017-5142 is a critical Honeywell XL Web II / XLWeb 500 controller issue where a low-privileged user can access a specific URL to open and change parameters because of improper privilege management. The published CVSS 3.0 vector indicates network accessibility, low attack complexity, low privileges required, no user interaction, and impact to confidentiality, integrity, and availability.

Vendor: Honeywell
Product: XL Web II / XLWeb 500 controllers (CVE-2017-5142)
CVSS: CRITICAL 9.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-13
Original CVE updated: 2026-05-13
Advisory published: 2017-02-13
Advisory updated: 2026-05-13

Who should care

Industrial control system operators, OT/ICS administrators, integrators, and security teams responsible for Honeywell XL Web II controller deployments running XLWebExe-2-01-00 or earlier, and XLWeb 500 deployments running XLWebExe-1-02-08 or earlier.

Technical summary

NVD lists affected Honeywell XL Web II controller versions XLWebExe-2-01-00 and prior, and XLWeb 500 versions XLWebExe-1-02-08 and prior. The weakness is mapped to CWE-269 (Improper Privilege Management). According to the advisory summary, a low-privileged user can reach a specific URL and modify parameters, which indicates an authorization boundary failure rather than a pure authentication problem. The CVSS vector is CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L, reflecting network reachability and meaningful impact once access is obtained.

Defensive priority

High. Because the issue is rated Critical and affects controller management functions, organizations should treat exposure of the relevant web interface as urgent and restrict access until vendor guidance and compensating controls are in place.

Recommended defensive actions

  • Identify any Honeywell XL Web II or XLWeb 500 deployments and verify whether they are running XLWebExe-2-01-00 or earlier, or XLWebExe-1-02-08 or earlier.
  • Restrict network access to the controller web interface to only trusted administrative hosts and management segments.
  • Review controller authorization settings and confirm that low-privileged accounts cannot reach parameter-editing URLs.
  • Apply the vendor and ICS-CERT guidance referenced in the official advisory for mitigation steps and update planning.
  • Monitor for unauthorized parameter changes or unexpected web requests against the controller management interface.
  • If remediation cannot be applied immediately, use compensating controls such as segmentation, access control lists, and administrative account review to reduce exposure.
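The first action above is a version inventory check. As an added example (not PatchSiren's or Honeywell's code), the script below parses the vendor-style version string and reports which hosts fall inside the affected ranges the NVD record lists; the inventory rows are constructed for the demonstration, and whether a build above the listed ceiling is actually fixed is not something this page states.

```python
import re

# Affected ceilings from the NVD record quoted on this page (inclusive):
# XL Web II up to XLWebExe-2-01-00, XLWeb 500 up to XLWebExe-1-02-08.
AFFECTED_MAX = {
    "XL Web II": (2, 1, 0),
    "XLWeb 500": (1, 2, 8),
}

# Vendor version strings look like XLWebExe-<major>-<minor>-<build>,
# with zero-padded components, so a plain string compare is unreliable.
VERSION_RE = re.compile(r"^XLWebExe-(\d+)-(\d+)-(\d+)$")


def parse_version(version: str) -> tuple:
    """Turn 'XLWebExe-2-01-00' into the comparable tuple (2, 1, 0)."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised XLWeb version string: {version!r}")
    return tuple(int(p) for p in m.groups())


def is_affected(product: str, version: str) -> bool:
    """True when product/version is at or below the ceiling listed for CVE-2017-5142."""
    ceiling = AFFECTED_MAX.get(product)
    if ceiling is None:
        raise ValueError(f"unknown product: {product!r}")
    return parse_version(version) <= ceiling


# Constructed inventory rows (hostname, product, version); not real assets.
INVENTORY = [
    ("plc-web-01", "XL Web II", "XLWebExe-2-01-00"),   # at the ceiling: affected
    ("plc-web-02", "XL Web II", "XLWebExe-2-01-01"),   # above the listed range
    ("bldg-500-a", "XLWeb 500", "XLWebExe-1-02-08"),   # at the ceiling: affected
    ("bldg-500-b", "XLWeb 500", "XLWebExe-1-03-00"),   # above the listed range
]


def triage(inventory=INVENTORY) -> list:
    """Return hostnames that need remediation or the compensating controls above."""
    return [host for host, product, version in inventory
            if is_affected(product, version)]


if __name__ == "__main__":
    for host in triage():
        print(f"{host}: inside CVE-2017-5142 affected range, restrict web access")
```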

Evidence notes

The description, affected versions, and CWE mapping come from the supplied NVD record for CVE-2017-5142. The advisory references include the US-CERT/ICS-CERT bulletin ICSA-17-033-01 and the SecurityFocus BID 95971 entry. The CVSS vector supplied in the source item supports the severity and access characteristics stated here. No exploit steps or unsupported remediation claims are included.

Official resources

Published by NVD on 2017-02-13. The supplied record was modified on 2026-05-13; that later date reflects record maintenance, not the original vulnerability disclosure date.