CVE-2026-5433

Summary

Honeywell Control Network Module (CNM) contains command injection vulnerability in the web interface. An attacker could exploit this vulnerability via command delimiters, potentially resulting in Remote Code Execution (RCE).

Affected Software

VendorProductVersion RangeStatus
Honeywell International Inc.Control Network Module (CNM)100.1 <= 110.2affected

Weaknesses

  • CWE‑77 – Improper Neutralization of Special Elements

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References