Honeywell IQ4x BMS Controller

Summary

Honeywell's IQ4x Building Management System (BMS) controllers are affected by a critical vulnerability (CVE-2026-3611) that allows unauthenticated remote attackers to gain administrative access. Successful exploitation enables attackers to create their own administrative credentials, potentially locking out legitimate operators and causing denial-of-service conditions.

IFF Assessment

FOE

This vulnerability allows unauthorized attackers to gain administrative control and lock out legitimate users, posing a significant threat to critical infrastructure.

Severity

10.0 Critical

Defender Context

This vulnerability in critical building management systems requires immediate attention from defenders, especially those managing commercial facilities, critical manufacturing, and government services. Organizations should verify firmware versions and apply updates or implement compensating controls to prevent unauthorized access and potential disruption of operations.
