Honeywell INNCOM INNControl 3 Vulnerability

1. Executive Summary

- CVSS v3: 6.6
- Attention: Low skill level to exploit
- Vendor: Honeywell
- Equipment: INNCOM INNControl 3
- Vulnerability: Improper Privilege Management

2. Risk Evaluation

Successful exploitation of this vulnerability could allow an attacker to escalate user privileges within the INNControl application.

3. Technical Details

3.1 Affected Products

The following versions of INNCOM INNControl 3 are affected:

- INNControl 3, Versions 3.21 and prior

3.2 Vulnerability Overview

CWE-269: Improper Privilege Management

The affected product allows workstation users to escalate application user privileges through the modification of local configuration files.

CVE-2020-6968: CVSS v3 base score of 6.6

3.4 Researcher

Honeywell reported this vulnerability to CISA.

4. Mitigations

- Update the software of potentially impacted systems.
- Disable unnecessary accounts and services.
- Restrict system access to authorized personnel only.
- Apply defense-in-depth strategies.