Skip to main content

Honeywell CNM EUVDEUVD-2026-31251

| CVE-2026-5434 MEDIUM
Insertion of Sensitive Information into Externally-Accessible File (CWE-538)
2026-05-21 Honeywell GHSA-m6f8-6m3m-x2rv
5.9
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.9 MEDIUM
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
Analysis Generated
May 21, 2026 - 09:34 vuln.today

DescriptionCVE.org

Honeywell Control Network Module (CNM) contains insertion of sensitive information into an unintended directory. An attacker could exploit this vulnerability through probing system files, potentially resulting in unintended access to protected data.

AnalysisAI

Sensitive information disclosure in Honeywell Control Network Module (CNM) versions 100.1 through 110.2 allows unauthenticated remote attackers to access protected data by probing system file paths that inadvertently receive sensitive writes. The root cause is CWE-538, where the module incorrectly routes sensitive information into directories accessible outside the intended trust boundary. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog; however, its presence in an industrial control system network component elevates the operational consequence of any successful confidentiality breach.

Technical ContextAI

CWE-538 (Insertion of Sensitive Information into Externally-Accessible File or Directory) describes a class of flaws where an application writes data - such as credentials, session tokens, cryptographic material, or configuration secrets - to a filesystem location that is readable by parties outside the intended access scope. The affected component, Honeywell's Control Network Module (CNM), is an industrial automation network interface product identified by CPE cpe:2.3:a:honeywell_international_inc.:control_network_module_(cnm):*:*:*:*:*:*:*:*. In OT/ICS deployments, CNM devices typically bridge process control networks and enterprise or supervisory layers, making any unintended file exposure on such a device particularly sensitive - the data written could include network credentials, configuration parameters, or inter-device authentication material used across the control network.

RemediationAI

A vendor-released patch is confirmed available from Honeywell; operators should consult the Honeywell Process Solutions advisory portal at https://process.honeywell.com/ to obtain the specific patched firmware or software version applicable to their CNM deployment. The exact fixed version number was not independently specified in the available advisory data beyond the vendor confirmation, so administrators should verify the target version directly with Honeywell support before deployment. As a compensating control while patching is scheduled, restrict network-layer access to the CNM management interface using firewall rules or network segmentation to limit which hosts can reach the device's file-accessible interfaces - reducing the pool of potential attackers given the AC:H requirement. Additionally, audit filesystem permissions on CNM-accessible directories and review any logging or diagnostic features that may contribute to sensitive data being written to unexpected paths. Note that network restriction does not eliminate the vulnerability but raises the bar for exploitation given the already-elevated attack complexity.

CVE-2013-0108 MEDIUM POC
6.8 Feb 24

An ActiveX control in HscRemoteDeploy.dll in Honeywell Enterprise Buildings Integrator (EBI) R310, R400.2, R410.1, and R

CVE-2015-0984 CRITICAL POC
10.0 Mar 31

Directory traversal vulnerability in the FTP server on Honeywell Excel Web XL1000C50 52 I/O, XL1000C100 104 I/O, XL1000C

CVE-2023-3710 CRITICAL POC
9.8 Sep 12

Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injec

CVE-2017-14263 HIGH
8.1 Sep 11

Honeywell NVR devices allow remote attackers to create a user account in the admin group by leveraging access to a guest

CVE-2017-5671 HIGH POC
8.8 Mar 29

Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x befo

CVE-2014-8269 HIGH
7.5 Dec 13

Multiple stack-based buffer overflows in (1) HWOPOSScale.ocx and (2) HWOPOSSCANNER.ocx in Honeywell OPOS Suite before 1.

CVE-2025-2605 CRITICAL
9.9 May 02

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Honeywell MB

CVE-2026-3611 CRITICAL
10.0 Mar 12

Unauthenticated access to Honeywell IQ4x building controller HMI. CVSS 10.0.

CVE-2017-5140 CRITICAL
9.8 Feb 13

An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-

CVE-2017-5139 CRITICAL
9.8 Feb 13

An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-

CVE-2023-25178 CRITICAL
9.8 Jul 13

Controller may be loaded with malicious firmware which could enable remote code execution. Rated critical severity (CVSS

CVE-2022-30318 CRITICAL
9.8 Aug 31

Honeywell ControlEdge through R151.1 uses Hard-coded Credentials. Rated critical severity (CVSS 9.8), this vulnerability

Share

EUVD-2026-31251 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy