CVE-2026-5434 PUBLISHED

Improper storage of sensitive information

Assigner: Honeywell
Reserved: 02.04.2026 Published: 21.05.2026 Updated: 21.05.2026

Honeywell Control Network Module (CNM) contains insertion of sensitive information into an unintended directory. An attacker could exploit this vulnerability through probing system files, potentially resulting in unintended access to protected data.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS Score: 5.9

Attack Vector	Network	Scope	Unchanged
Attack Complexity	High	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	None
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	Honeywell International Inc.
Product	Control Network Module (CNM)
Versions	Default: unaffected affected from 100.1 to 110.2 (incl.)

Credits

Andreas Krämer, BASF Digital Solutions GmbH finder
Martin Floeck, BASF Digital Solutions GmbH finder
Stefan Stahl, BASF Digital Solutions GmbH finder

References

https://process.honeywell.com/

Problem Types

CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory CWE

Impacts

CAPEC-639: Probe System Files