Critical Authentication Bypass in Honeywell IQ4x BMS Controllers Allows Remote Takeover
-
Critical Authentication Bypass in Honeywell IQ4x BMS Controllers Allows Remote Takeover
Honeywell IQ4x BMS controllers contain a maximum severity critical vulnerability (CVE-2026-3611) that allows unauthenticated attackers to create administrative accounts and take full control of building management systems.
**If you are using Honeywell IQ4x Building Management System (or any BMS), make sure it's isolated from the internet and accessible only from trusted networks. Then reach out to Honeywell for updates. Don't wait to isolate your systems. This is maximum severity flaw, and it will be exploited very soon.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-bypass-in-honeywell-iq4x-bms-controllers-allows-remote-takeover-j-p-z-w-f/gD2P6Ple2L -
R relay@relay.infosec.exchange shared this topic
