CVE-2026-3611
Published: Mar 12, 2026
Modified: Mar 30, 2026
CVSS v3.1 Base Score: 10.0 (Critical)
Description
The Honeywell IQ4x building management controller exposes its full web-based HMI without authentication in its factory-default configuration. With no user module configured, security is disabled by design and the system operates under a System Guest (level 100) context, granting read/write privileges to any party able to reach the HTTP interface. Authentication controls are only enforced after a web user is created via U.htm, which dynamically enables the user module. Because this function is reachable before any authentication takes place, a remote user can create a new account with administrative read/write permissions, which enables the user module and imposes authentication under attacker-controlled credentials. This action can effectively lock legitimate operators out of local and web-based configuration and administration.
| Vendor | Product | Versions |
|---|---|---|
| Honeywell | IQ4E | affected: v3.50_3.44 - <= 4.36 (build 4.3.7.9) |
| Honeywell | IQ412 | affected: v3.50_3.44 - <= 4.36 (build 4.3.7.9) |
| Honeywell | IQ422 | affected: v3.50_3.44 - <= 4.36 (build 4.3.7.9) |
| Honeywell | IQ4NC | affected: v3.50_3.44 - <= 4.36 (build 4.3.7.9) |
| Honeywell | IQ41x | affected: v3.50_3.44 - <= 4.36 (build 4.3.7.9) |
| Honeywell | IQ3 | affected: v3.50_3.44 - <= 4.36 (build 4.3.7.9) |
| Honeywell | IQECO | affected: v3.50_3.44 - <= 4.36 (build 4.3.7.9) |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
| Metric | Value |
|---|---|
| Attack Vector | Network (AV:N) |
| Attack Complexity | Low (AC:L) |
| Privileges Required | None (PR:N) |
| User Interaction | None (UI:N) |
| Scope | Changed (S:C) |
| Confidentiality | High (C:H) |
| Integrity | High (I:H) |
| Availability | High (A:H) |