Description
Honeywell Control
Network Module (CNM) contains
insertion of sensitive information into an unintended directory. An attacker could exploit this vulnerability through probing
system files, potentially resulting in unintended
access to protected data.
Published: 2026-05-21
Score: 5.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Honeywell Control Network Module (CNM) has a flaw that allows insertion of sensitive information into an unintended directory. This improper handling of data can lead to confidentiality loss, as attackers may gain access to protected information. The weakness corresponds to CWE‑538, indicating that data is stored in a location that is not properly protected or segregated.

Affected Systems

The affected product is Honeywell International Inc.’s Control Network Module (CNM). No specific version information is provided in the advisory. Administrators should identify systems running CNM and ascertain whether the package is the latest available version.

Risk and Exploitability

The CVSS score of 5.9 reflects moderate risk. No EPSS score is available, and the vulnerability is not listed in CISA KEV, indicating no widespread exploitation to date. The likely attack vector is probing of system files to locate where sensitive data has been inadvertently stored; this inference is based on the description that an attacker could exploit the weakness through probing system files. The absence of documented exploitation suggests the likelihood is uncertain, but the potential impact warrants proactive remediation.

Generated by OpenCVE AI on May 21, 2026 at 10:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest security update for Honeywell Control Network Module (CNM) that addresses improper data placement.
  • Configure the CNM to enforce directory boundaries for sensitive data, ensuring that such data is stored only in designated secure locations.
  • Implement strict file system permissions and audit user privileges so that only authorized accounts can write to or read from the protected directories.
  • Perform regular scans of system directories for unintended storage of sensitive information and set up alerts for anomalous file access patterns.

Generated by OpenCVE AI on May 21, 2026 at 10:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://process.honeywell.com/ cve-icon cve-icon
History

Thu, 21 May 2026 12:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 21 May 2026 09:00:00 +0000

Type Values Removed Values Added
Description Honeywell Control Network Module (CNM) contains insertion of sensitive information into an unintended directory. An attacker could exploit this vulnerability through probing system files, potentially resulting in unintended access to protected data.
Title Improper storage of sensitive information
Weaknesses CWE-538
References
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Honeywell

Published:

Updated: 2026-05-21T12:06:44.395Z

Reserved: 2026-04-02T16:12:23.800Z

Link: CVE-2026-5434

cve-icon Vulnrichment

Updated: 2026-05-21T12:06:36.288Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-21T09:16:30.410

Modified: 2026-05-21T15:26:35.653

Link: CVE-2026-5434

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-21T10:30:08Z

Weaknesses