Honeywell EBI, SymmetrE, and ComfortPoint Open Manager Station

CVEs (1)

Remediations

• Honeywell recommends disabling HscRemoteDeploy.dll from any client or server computers on affected systems. This DLL is not used for any runtime functions and is only required to simplify the installation or upgrade of the HMIWeb Browser client.
• Honeywell has created a Station Security Update package that disables the DLL. It should be run on the EBI servers, all Station client PCs, and any PCs that have used the HMIWeb Browser client. Honeywell recommends asset owners contact their local HBS service representative as this update should only be performed by a qualified, trained resource.
• Honeywell has requested that Microsoft issue a kill bit for the HscRemoteDeploy.dll in a future monthly Microsoft Windows security update. This will also automatically disable the DLL on any affected system that is using the Windows Update feature in the listed Honeywell products.
• Honeywell EBI, SymmetrE, and CPO-M users can find more information in Honeywell’s Bulletin CSA-2013-0131-01 or Product Bulletin 581 on the EBI support website.Honeywell Enterprise Buildings Integrator, (https://buildingsolutions.honeywell.com/Cultures/en-US/ServicesSolutions/BuildingManagementSystems/EnterpriseBuildingsIntegrator/), (login required)

Affected Vendors

Affected Products (3)