Honeywell XLWEB SCADA controller suffers from a remote path traversal vulnerability that allows for remote code execution.