Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
Honeywell Control Network Module (CNM) contains insertion of sensitive information into an unintended directory. An attacker could exploit this vulnerability through probing system files, potentially resulting in unintended access to protected data.
AnalysisAI
Sensitive information disclosure in Honeywell Control Network Module (CNM) versions 100.1 through 110.2 allows unauthenticated remote attackers to access protected data by probing system file paths that inadvertently receive sensitive writes. The root cause is CWE-538, where the module incorrectly routes sensitive information into directories accessible outside the intended trust boundary. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog; however, its presence in an industrial control system network component elevates the operational consequence of any successful confidentiality breach.
Technical ContextAI
CWE-538 (Insertion of Sensitive Information into Externally-Accessible File or Directory) describes a class of flaws where an application writes data - such as credentials, session tokens, cryptographic material, or configuration secrets - to a filesystem location that is readable by parties outside the intended access scope. The affected component, Honeywell's Control Network Module (CNM), is an industrial automation network interface product identified by CPE cpe:2.3:a:honeywell_international_inc.:control_network_module_(cnm):*:*:*:*:*:*:*:*. In OT/ICS deployments, CNM devices typically bridge process control networks and enterprise or supervisory layers, making any unintended file exposure on such a device particularly sensitive - the data written could include network credentials, configuration parameters, or inter-device authentication material used across the control network.
RemediationAI
A vendor-released patch is confirmed available from Honeywell; operators should consult the Honeywell Process Solutions advisory portal at https://process.honeywell.com/ to obtain the specific patched firmware or software version applicable to their CNM deployment. The exact fixed version number was not independently specified in the available advisory data beyond the vendor confirmation, so administrators should verify the target version directly with Honeywell support before deployment. As a compensating control while patching is scheduled, restrict network-layer access to the CNM management interface using firewall rules or network segmentation to limit which hosts can reach the device's file-accessible interfaces - reducing the pool of potential attackers given the AC:H requirement. Additionally, audit filesystem permissions on CNM-accessible directories and review any logging or diagnostic features that may contribute to sensitive data being written to unexpected paths. Note that network restriction does not eliminate the vulnerability but raises the bar for exploitation given the already-elevated attack complexity.
An ActiveX control in HscRemoteDeploy.dll in Honeywell Enterprise Buildings Integrator (EBI) R310, R400.2, R410.1, and R
Directory traversal vulnerability in the FTP server on Honeywell Excel Web XL1000C50 52 I/O, XL1000C100 104 I/O, XL1000C
Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injec
Honeywell NVR devices allow remote attackers to create a user account in the admin group by leveraging access to a guest
Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x befo
Multiple stack-based buffer overflows in (1) HWOPOSScale.ocx and (2) HWOPOSSCANNER.ocx in Honeywell OPOS Suite before 1.
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Honeywell MB
Unauthenticated access to Honeywell IQ4x building controller HMI. CVSS 10.0.
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-
Controller may be loaded with malicious firmware which could enable remote code execution. Rated critical severity (CVSS
Honeywell ControlEdge through R151.1 uses Hard-coded Credentials. Rated critical severity (CVSS 9.8), this vulnerability
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31251
GHSA-m6f8-6m3m-x2rv