A critical command injection vulnerability in the Honeywell Control Network Module web interface allows unauthenticated remote code execution.

The vulnerability exists in the web interface where inadequate input sanitation allows the use of command delimiters. An unauthenticated attacker can leverage this to inject and execute arbitrary system commands on the device.

The CVSS score of 9.1 underscores the critical nature of this vulnerability. Remote code execution on a Control Network Module could lead to the complete takeover of industrial control systems, posing severe risks to operational safety, physical equipment, and business continuity.

Immediate Action: Check the official Honeywell security advisory for the latest firmware update or patch and apply it to all affected Control Network Modules.

Proactive Monitoring: Monitor network traffic for suspicious command-line strings or unusual connections directed toward the management interface of the module.

Compensating Controls: Restrict network access to the web interface to authorized internal IP addresses only, and utilize a WAF to filter for command injection patterns.

Public Exploit Available: false

Given the potential impact on industrial control systems, this vulnerability should be treated with the highest urgency. Organizations must identify affected modules and apply vendor-provided patches immediately to prevent unauthorized remote control.