This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00318.

Key SSVC decision points have not yet been added.

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors Products
Honeywell Subscribe
Control Network Module (cnm) Subscribe

Project Subscriptions

Vendors Products
Honeywell Subscribe
Control Network Module (cnm) Subscribe
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

No reference.

History

Tue, 02 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Title Improper Sanitization in CNM Web Interface
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 02 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:h:honeywell:control_network_module:-:*:*:*:*:*:*:*
cpe:2.3:o:honeywell:control_network_module_firmware:*:*:*:*:*:*:*:*
Vendors & Products Honeywell control Network Module
Honeywell control Network Module Firmware
References
Metrics cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H'}

Tue, 02 Jun 2026 14:15:00 +0000

Type Values Removed Values Added
Description Honeywell Control Network Module (CNM) contains command injection vulnerability in the web interface. An attacker could exploit this vulnerability via command delimiters, potentially resulting in Remote Code Execution (RCE). This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Tue, 26 May 2026 13:45:00 +0000

Type Values Removed Values Added
First Time appeared Honeywell control Network Module
Honeywell control Network Module Firmware
Weaknesses CWE-77
CPEs cpe:2.3:h:honeywell:control_network_module:-:*:*:*:*:*:*:*
cpe:2.3:o:honeywell:control_network_module_firmware:*:*:*:*:*:*:*:*
Vendors & Products Honeywell control Network Module
Honeywell control Network Module Firmware

Fri, 22 May 2026 13:15:00 +0000

Type Values Removed Values Added
First Time appeared Honeywell
Honeywell control Network Module (cnm)
Vendors & Products Honeywell
Honeywell control Network Module (cnm)

Thu, 21 May 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 21 May 2026 11:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-78

Thu, 21 May 2026 09:00:00 +0000

Type Values Removed Values Added
Description Honeywell Control Network Module (CNM) contains command injection vulnerability in the web interface. An attacker could exploit this vulnerability via command delimiters, potentially resulting in Remote Code Execution (RCE).
Title Improper Sanitization in CNM Web Interface
References
Metrics cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H'}

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: REJECTED

Assigner: Honeywell

Published:

Updated: 2026-06-02T13:16:37.002Z

Reserved: 2026-04-02T16:12:22.574Z

Link: CVE-2026-5433

cve-icon Vulnrichment

Updated:

cve-icon NVD

Status : Rejected

Published: 2026-05-21T09:16:30.270

Modified: 2026-06-02T14:16:55.843

Link: CVE-2026-5433

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-26T16:00:11Z

Weaknesses