PatchSiren

CVE-2017-5143 Honeywell CVE debrief

CVE-2017-5143 is a high-severity directory traversal issue in Honeywell XL Web II controller web interfaces. According to the NVD record, an unauthenticated user can trigger directory traversal by accessing a specific URL. The issue is rated CVSS 8.6 and was published on 2017-02-13.

Vendor: Honeywell
Product: CVE-2017-5143
CVSS: HIGH 8.6
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-13
Original CVE updated: 2026-05-13
Advisory published: 2017-02-13
Advisory updated: 2026-05-13

Who should care

OT/ICS operators, plant engineers, network defenders, and asset owners running Honeywell XL Web II controller web interfaces, especially systems identified as XLWebExe-1-02-08 and prior or XLWebExe-2-01-00 and prior.

Technical summary

The NVD record identifies a CWE-22 directory traversal weakness in Honeywell XL Web II controller software. The vulnerability is network-reachable and requires neither authentication nor user interaction. The supplied CVSS vector is CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L, indicating high confidentiality impact (potential unauthorized access to data) and limited integrity and availability impact.

Defensive priority

High

Recommended defensive actions

  • Identify whether any Honeywell XL Web II controller web interfaces are present in the environment.
  • Compare deployed versions against the affected ranges listed in the NVD record: XLWebExe-1-02-08 and prior, and XLWebExe-2-01-00 and prior.
  • Restrict network exposure to controller web interfaces, especially from untrusted or enterprise-wide networks.
  • Apply vendor or ICS-CERT guidance referenced in the advisory links when available in your environment.
  • Monitor logs and network activity for unexpected requests to controller web URLs that may indicate traversal attempts.
  • If patching is not immediately possible, place compensating controls around the affected web interface and limit access to trusted administrative hosts only.
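
The monitoring and access-restriction actions above can be combined into one log triage check. The following is an added example, not taken from the NVD record or from Honeywell. The Common Log Format, the trusted admin subnet and the sample request paths are constructed assumptions, since the page gives no log format or URL for the controller.

```python
import re
from ipaddress import ip_address, ip_network
from urllib.parse import unquote

# Assumption: only this admin subnet should reach the controller web interface.
TRUSTED_ADMIN_NETS = [ip_network("192.0.2.0/28")]
# Assumption: the proxy/firewall in front of the controller logs Common Log Format.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" \d{3}')

def normalize(target, rounds=3):
    """Percent-decode repeatedly so double-encoded dots and separators are exposed."""
    for _ in range(rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target.replace("\\", "/")

def has_traversal(target):
    """True when any path or query segment is exactly '..' after normalization."""
    return ".." in re.split(r"[/?&=]", normalize(target))

def is_trusted(src):
    try:
        return any(ip_address(src) in net for net in TRUSTED_ADMIN_NETS)
    except ValueError:  # hostname or malformed client field
        return False

def classify(line):
    m = LOG_RE.match(line)
    if not m:
        return ["unparsed"]
    findings = []
    if has_traversal(m.group(2)):
        findings.append("traversal-sequence")
    if not is_trusted(m.group(1)):
        findings.append("untrusted-source")
    return findings

# Constructed sample lines; the paths are placeholders, not controller URLs.
SAMPLE_LOG = [
    '192.0.2.5 - - [13/Feb/2017:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [13/Feb/2017:10:00:05 +0000] "GET /files/..%2f..%2fexample.txt HTTP/1.1" 200 90',
    '192.0.2.9 - - [13/Feb/2017:10:00:09 +0000] "GET /a/%252e%252e/%252e%252e/example.txt HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(classify(entry), entry)
```

A line flagged with both findings is the highest-priority case: a traversal-shaped request from a host that should not be able to reach the interface at all.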

Evidence notes

All substantive claims here are grounded in the supplied NVD record and its cited references. The NVD entry states the issue is an unauthenticated directory traversal vulnerability affecting Honeywell XL Web II controller versions XLWebExe-1-02-08 and prior and XLWebExe-2-01-00 and prior. The record also provides the CVSS 3.0 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L, CWE-22, and ICS-CERT/SecurityFocus reference links. No exploit steps, file paths, or remediation details beyond the cited references are included.

Official resources

Publicly disclosed on 2017-02-13. The supplied data shows a later NVD modification timestamp of 2026-05-13, which should not be treated as the CVE issue date. No KEV listing is indicated in the supplied enrichment data.