Search criteria
2 vulnerabilities by Honeywell International Inc.
CVE-2026-5434 (GCVE-0-2026-5434)
Vulnerability from cvelistv5 – Published: 2026-05-21 08:38 – Updated: 2026-05-21 12:06
VLAI
Title
Improper storage of sensitive information
Summary
Honeywell Control
Network Module (CNM) contains
insertion of sensitive information into an unintended directory. An attacker could exploit this vulnerability through probing
system files, potentially resulting in unintended
access to protected data.
Severity
5.9 (Medium)
CWE
- CWE-538 - Insertion of Sensitive Information into Externally-Accessible File or Directory
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://process.honeywell.com/ | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Honeywell International Inc. | Control Network Module (CNM) |
Affected:
100.1 , ≤ 110.2
(cpe)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5434",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-21T12:06:31.149864Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-21T12:06:44.395Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"CNM"
],
"product": "Control Network Module (CNM)",
"vendor": "Honeywell International Inc.",
"versions": [
{
"lessThanOrEqual": "110.2",
"status": "affected",
"version": "100.1",
"versionType": "cpe"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Andreas Kr\u00e4mer, BASF Digital Solutions GmbH"
},
{
"lang": "en",
"type": "finder",
"value": "Martin Floeck, BASF Digital Solutions GmbH"
},
{
"lang": "en",
"type": "finder",
"value": "Stefan Stahl, BASF Digital Solutions GmbH"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eHoneywell Control\nNetwork Module (CNM)\u0026nbsp;\u003cspan\u003econtains\n\u003c/span\u003e\u003cspan\u003einsertion of sensitive \u003c/span\u003e\u003cspan\u003einformation i\u003c/span\u003e\u003cspan\u003ento an unintended directory\u003c/span\u003e\u003cspan\u003e. \u003c/span\u003e\u003cspan\u003eAn attacker could exploit this vulnerability \u003c/span\u003e\u003cspan\u003ethrough\u003c/span\u003e\u003cspan\u003e \u003c/span\u003e\u003cspan\u003eprobing\nsystem files\u003c/span\u003e\u003cspan\u003e, \u003c/span\u003e\u003cspan\u003epotentially resulting in \u003c/span\u003e\u003cspan\u003eunintended\naccess to protected data\u003c/span\u003e\u003cspan\u003e.\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "Honeywell Control\nNetwork Module (CNM)\u00a0contains\ninsertion of sensitive information into an unintended directory. An attacker could exploit this vulnerability through probing\nsystem files, potentially resulting in unintended\naccess to protected data."
}
],
"impacts": [
{
"capecId": "CAPEC-639",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-639: Probe System Files"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-538",
"description": "CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-21T08:38:25.477Z",
"orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"shortName": "Honeywell"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://process.honeywell.com/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper storage of sensitive information",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"assignerShortName": "Honeywell",
"cveId": "CVE-2026-5434",
"datePublished": "2026-05-21T08:38:25.477Z",
"dateReserved": "2026-04-02T16:12:23.800Z",
"dateUpdated": "2026-05-21T12:06:44.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5433 (GCVE-0-2026-5433)
Vulnerability from cvelistv5 – Published: 2026-05-21 08:35 – Updated: 2026-05-21 12:38
VLAI
Title
Improper Sanitization in CNM Web Interface
Summary
Honeywell Control
Network Module (CNM) contains command injection vulnerability
in the web interface. An attacker could exploit this vulnerability via command
delimiters, potentially resulting in Remote Code Execution (RCE).
Severity
9.1 (Critical)
CWE
- CWE‑77 – Improper Neutralization of Special Elements
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://process.honeywell.com/ | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Honeywell International Inc. | Control Network Module (CNM) |
Affected:
100.1 , ≤ 110.2
(cpe)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5433",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-21T12:38:39.246019Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-21T12:38:52.263Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"CNM"
],
"product": "Control Network Module (CNM)",
"vendor": "Honeywell International Inc.",
"versions": [
{
"lessThanOrEqual": "110.2",
"status": "affected",
"version": "100.1",
"versionType": "cpe"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Andreas Kr\u00e4mer, BASF Digital Solutions GmbH"
},
{
"lang": "en",
"type": "finder",
"value": "Martin Floeck, BASF Digital Solutions GmbH"
},
{
"lang": "en",
"type": "finder",
"value": "Stefan Stahl, BASF Digital Solutions GmbH"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eHoneywell Control\nNetwork Module (CNM)\u0026nbsp;contains command injection vulnerability\nin the web interface. An attacker could exploit this vulnerability via command\ndelimiters, potentially resulting in Remote Code Execution (RCE).\u0026nbsp;\u003c/p\u003e"
}
],
"value": "Honeywell Control\nNetwork Module (CNM)\u00a0contains command injection vulnerability\nin the web interface. An attacker could exploit this vulnerability via command\ndelimiters, potentially resulting in Remote Code Execution (RCE)."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "CAPEC\u2011248 \u2013 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE\u201177 \u2013 Improper Neutralization of Special Elements",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-21T08:35:31.438Z",
"orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"shortName": "Honeywell"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://process.honeywell.com/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Sanitization in CNM Web Interface",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"assignerShortName": "Honeywell",
"cveId": "CVE-2026-5433",
"datePublished": "2026-05-21T08:35:31.438Z",
"dateReserved": "2026-04-02T16:12:22.574Z",
"dateUpdated": "2026-05-21T12:38:52.263Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}