CVE-2026-5433
Received Received - Intake
Command Injection in Honeywell Control Network Module

Publication date: 2026-05-21

Last updated on: 2026-05-21

Assigner: Honeywell International Inc.

Description
Honeywell Control Network Module (CNM) contains command injection vulnerability in the web interface. An attacker could exploit this vulnerability via command delimiters, potentially resulting in Remote Code Execution (RCE).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-21
Last Modified
2026-05-21
Generated
2026-05-21
AI Q&A
2026-05-21
EPSS Evaluated
N/A
NVD
CVE-2026-5433
EUVD
EUVD-2026-31253
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
honeywell control_network_module *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

The vulnerability exists in the Honeywell Control Network Module (CNM) web interface and is a command injection flaw. An attacker can exploit this vulnerability by using command delimiters to inject malicious commands, which can lead to Remote Code Execution (RCE) on the affected system.


How can this vulnerability impact me? :

Exploitation of this vulnerability could allow an attacker to execute arbitrary commands remotely on the Honeywell Control Network Module. This can lead to full compromise of the affected device, including unauthorized control, data manipulation, disruption of services, and potential spread of attacks within the network.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart