Description
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Published: 2026-05-21
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Honeywell Control Network Module (CNM) has a flaw that allows insertion of sensitive information into an unintended directory. This improper handling of data can lead to confidentiality loss, as attackers may gain access to protected information. The weakness corresponds to CWE‑538, indicating that data is stored in a location that is not properly protected or segregated.

Affected Systems

The affected product is Honeywell International Inc.’s Control Network Module (CNM). No specific version information is provided in the advisory. Administrators should identify systems running CNM and ascertain whether the package is the latest available version.

Risk and Exploitability

The CVSS score of 5.9 reflects moderate risk. No EPSS score is available, and the vulnerability is not listed in CISA KEV, indicating no widespread exploitation to date. The likely attack vector is probing of system files to locate where sensitive data has been inadvertently stored; this inference is based on the description that an attacker could exploit the weakness through probing system files. The absence of documented exploitation suggests the likelihood is uncertain, but the potential impact warrants proactive remediation.

Generated by OpenCVE AI on May 21, 2026 at 10:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest security update for Honeywell Control Network Module (CNM) that addresses improper data placement.
  • Configure the CNM to enforce directory boundaries for sensitive data, ensuring that such data is stored only in designated secure locations.
  • Implement strict file system permissions and audit user privileges so that only authorized accounts can write to or read from the protected directories.
  • Perform regular scans of system directories for unintended storage of sensitive information and set up alerts for anomalous file access patterns.

Generated by OpenCVE AI on May 21, 2026 at 10:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References

No reference.

History

Tue, 02 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Title Improper storage of sensitive information
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 02 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-538
CPEs cpe:2.3:h:honeywell:control_network_module:-:*:*:*:*:*:*:*
cpe:2.3:o:honeywell:control_network_module_firmware:*:*:*:*:*:*:*:*
Vendors & Products Honeywell control Network Module
Honeywell control Network Module Firmware
References
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N'}

Tue, 02 Jun 2026 14:15:00 +0000

Type Values Removed Values Added
Description Honeywell Control Network Module (CNM) contains insertion of sensitive information into an unintended directory. An attacker could exploit this vulnerability through probing system files, potentially resulting in unintended access to protected data. This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Tue, 26 May 2026 13:45:00 +0000

Type Values Removed Values Added
First Time appeared Honeywell control Network Module
Honeywell control Network Module Firmware
CPEs cpe:2.3:h:honeywell:control_network_module:-:*:*:*:*:*:*:*
cpe:2.3:o:honeywell:control_network_module_firmware:*:*:*:*:*:*:*:*
Vendors & Products Honeywell control Network Module
Honeywell control Network Module Firmware

Fri, 22 May 2026 13:15:00 +0000

Type Values Removed Values Added
First Time appeared Honeywell
Honeywell control Network Module (cnm)
Vendors & Products Honeywell
Honeywell control Network Module (cnm)

Thu, 21 May 2026 12:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 21 May 2026 09:00:00 +0000

Type Values Removed Values Added
Description Honeywell Control Network Module (CNM) contains insertion of sensitive information into an unintended directory. An attacker could exploit this vulnerability through probing system files, potentially resulting in unintended access to protected data.
Title Improper storage of sensitive information
Weaknesses CWE-538
References
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N'}

Subscriptions

Honeywell Control Network Module (cnm)
cve-icon MITRE

Status: REJECTED

Assigner: Honeywell

Published:

Updated: 2026-06-02T13:15:54.013Z

Reserved: 2026-04-02T16:12:23.800Z

Link: CVE-2026-5434

cve-icon Vulnrichment

Updated:

cve-icon NVD

Status : Rejected

Published: 2026-05-21T09:16:30.410

Modified: 2026-06-02T14:17:05.110

Link: CVE-2026-5434

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-22T12:38:45Z

Weaknesses

No weakness.