Honeywell IQ4x BMS Controller Mist Authentication voor kritieke functie

The impact of this vulnerability is severe. An attacker who can reach the IQ4x controller's HTTP interface can create a new administrative account, effectively gaining full control over the building management system. This control extends to reading and modifying system configurations, potentially disrupting building operations, manipulating sensor data, and even gaining access to sensitive building information. Given the critical role BMS controllers play in building automation, successful exploitation could lead to significant operational and safety consequences. The lack of authentication by default significantly broadens the attack surface, making the system vulnerable to both internal and external threats.

Organizations that rely on Honeywell IQ4x BMS Controllers for building automation are at risk, particularly those with default configurations or those lacking network segmentation. Shared hosting environments where multiple customers share the same network infrastructure are also at increased risk, as a compromise of one customer could potentially lead to access to the IQ4x controller.

• windows / supply-chain: Monitor network traffic for connections to the IQ4x controller's HTTP interface on port 80 or 443. • linux / server: Use ss or netstat to identify connections to the controller's IP address.

ss -t http -l

• generic web: Use curl to attempt access to the HMI without authentication.

curl http://<IQ4x_IP_Address>

• database (mysql, redis, mongodb, postgresql): N/A - this vulnerability does not directly affect databases. • other: Review firewall logs for unauthorized access attempts to the IQ4x controller.

1. 2026-03-12Disclosure

   disclosure

1. Gereserveerd2026-03-05
2. Gepubliceerd2026-03-12
3. Gewijzigd2026-03-30
4. EPSS bijgewerkt2026-03-23

The primary mitigation is to upgrade the Honeywell IQ4x BMS Controller to a patched version as soon as it becomes available. Until a patch is applied, several workarounds can be implemented. First, segment the network to restrict access to the IQ4x controller from untrusted networks. Second, configure a firewall to block external access to the controller's HTTP interface. Third, review and harden the system's configuration, ensuring that authentication is enabled and strong passwords are used. Consider implementing multi-factor authentication if supported by the controller. After implementing these mitigations, verify the configuration by attempting to access the HMI without authentication and confirming that access is denied.