CVE-2026-3611P2CRITICALCVSS 10.0fixed in 3.302026-03-12
CVE-2026-3611 [CRITICAL] CWE-306 CVE-2026-3611: The Honeywell IQ4x building management controller, exposes its full web-based HMI without authentica
The Honeywell IQ4x building management controller, exposes its full web-based HMI without authentication in its factory-default configuration. With no user module configured, security is disabled by design and the system operates under a System Guest (level 100) context, granting read/write privileges to any party able to reach the HTTP interface. A
nvd