Skip to main content

Honeywell CNM CVE-2026-5433

| EUVDEUVD-2026-31253 CRITICAL
2026-05-21 Honeywell GHSA-ww6q-r9c5-m444
9.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.1 CRITICAL
AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
May 21, 2026 - 09:30 vuln.today

DescriptionCVE.org

Honeywell Control Network Module (CNM) contains command injection vulnerability in the web interface. An attacker could exploit this vulnerability via command delimiters, potentially resulting in Remote Code Execution (RCE).

AnalysisAI

Remote code execution in Honeywell Control Network Module (CNM) versions 100.1 through 110.2 allows authenticated high-privilege attackers to inject arbitrary OS commands through the device's web interface using command delimiters. The flaw carries a CVSS 9.1 rating due to scope change and full CIA impact, and no public exploit identified at time of analysis, though the industrial-control context makes any RCE highly consequential. Honeywell has released a patch via its process.honeywell.com portal.

Technical ContextAI

The Control Network Module (CNM) is a Honeywell industrial communications gateway used in Experion PKS and related distributed control system (DCS) deployments to bridge process-control networks. The vulnerability is a classic command injection (CWE-78-class issue, though CWE is unlisted in source data) in the device's HTTP management interface: user-supplied input is concatenated into a shell or system invocation without adequate sanitization of delimiter characters such as ';', '|', '&', '$()', or backticks, allowing attacker-controlled strings to break out of the intended argument and execute additional commands in the underlying OS context. The affected CPE is cpe:2.3:a:honeywell_international_inc.:control_network_module_(cnm), confirming this is a Honeywell-branded application/firmware component rather than a generic third-party library.

RemediationAI

Apply the Honeywell-released patch obtained through the vendor's process automation support portal at https://process.honeywell.com/ - the input confirms a patch is available but does not name the fixed firmware build, so operators must retrieve the exact fixed version from Honeywell's security notification matched to their CNM revision. Until the patch is deployed, restrict network reachability to the CNM web interface by placing the device behind a management VLAN or jump host so only a hardened engineering workstation can reach the HTTP service, rotate and strengthen administrative credentials to neutralize the PR:H precondition, and enable logging/alerting on the CNM management interface to detect anomalous command strings; the trade-off of network segmentation is added latency for legitimate engineering access and potential disruption to remote diagnostic tooling, while credential rotation can temporarily break automation scripts that hardcode the old password.

CVE-2013-0108 MEDIUM POC
6.8 Feb 24

An ActiveX control in HscRemoteDeploy.dll in Honeywell Enterprise Buildings Integrator (EBI) R310, R400.2, R410.1, and R

CVE-2015-0984 CRITICAL POC
10.0 Mar 31

Directory traversal vulnerability in the FTP server on Honeywell Excel Web XL1000C50 52 I/O, XL1000C100 104 I/O, XL1000C

CVE-2023-3710 CRITICAL POC
9.8 Sep 12

Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injec

CVE-2017-14263 HIGH
8.1 Sep 11

Honeywell NVR devices allow remote attackers to create a user account in the admin group by leveraging access to a guest

CVE-2017-5671 HIGH POC
8.8 Mar 29

Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x befo

CVE-2014-8269 HIGH
7.5 Dec 13

Multiple stack-based buffer overflows in (1) HWOPOSScale.ocx and (2) HWOPOSSCANNER.ocx in Honeywell OPOS Suite before 1.

CVE-2025-2605 CRITICAL
9.9 May 02

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Honeywell MB

CVE-2026-3611 CRITICAL
10.0 Mar 12

Unauthenticated access to Honeywell IQ4x building controller HMI. CVSS 10.0.

CVE-2017-5140 CRITICAL
9.8 Feb 13

An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-

CVE-2017-5139 CRITICAL
9.8 Feb 13

An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-

CVE-2023-25178 CRITICAL
9.8 Jul 13

Controller may be loaded with malicious firmware which could enable remote code execution. Rated critical severity (CVSS

CVE-2022-30318 CRITICAL
9.8 Aug 31

Honeywell ControlEdge through R151.1 uses Hard-coded Credentials. Rated critical severity (CVSS 9.8), this vulnerability

Share

CVE-2026-5433 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy