Honeywell CNM EUVD-2026-31253

CVE-2026-5433 | CRITICAL | CVSS 3.1: 9.1
2026-05-21 | Honeywell | GHSA-ww6q-r9c5-m444
CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

1. Analysis Generated: May 21, 2026 - 09:30 (vuln.today)

Description (NVD)

Honeywell Control Network Module (CNM) contains a command injection vulnerability in the web interface. An attacker could exploit this vulnerability via command delimiters, potentially resulting in Remote Code Execution (RCE).

Analysis (AI)

Remote code execution in Honeywell Control Network Module (CNM) versions 100.1 through 110.2 allows authenticated high-privilege attackers to inject arbitrary OS commands through the device's web interface using command delimiters. The flaw carries a CVSS 9.1 rating due to scope change and full CIA impact. No public exploit had been identified at the time of analysis, though the industrial-control context makes any RCE highly consequential. …

Remediation (AI)

Within 24 hours: Inventory all CNM instances and identify those running versions 100.1-110.2; implement network access restrictions to the web interface for essential personnel only. Within 7 days: Apply Honeywell's released patch to all vulnerable CNM devices via process.honeywell.com. …
