Honeywell Mobile Computers with Android Operating Systems

Risk Summary

A vulnerability in a system service on CT60, CN80, CT40, CK75, CN75, CT50, D75e, CN51, and EDA series mobile computers running the Android Operating System (OS) could allow a malicious third-party application to gain elevated privileges.

CVEs (1)

Remediations

• Honeywell has released software updates that resolve this vulnerability. All users using the impacted products should update their products as indicated below. Only products listed below are affected by this vulnerability.
• Honeywell strongly recommends that users upgrade to the version identified below to resolve the vulnerability.
• Updates are available at https://hsmftp.honeywell.com or from Honeywell through product support.
• CT60 running Android OS 7.1 - (GMS version) Upgrade to Android OS release 84.00.11 or later; (non-GMS version) Upgrade to Android OS release 83.00.11 or later
• CN80 running Android OS 7.1 - (GMS version) Upgrade to Android OS release 84.00.11 or later; (non-GMS version) Upgrade to Android OS release 83.00.11 or later
• CT40 running Android OS 7.1 - (GMS version) Upgrade to Android OS release 84.00.11 or later; (non-GMS version) Upgrade to Android OS release 83.00.11 or later
• CK75 running Android OS 6.0 - Update CommonES to 4.02.00.4082 or later; Update ECP to Version 2.30.00.0167 or later (if applicable)
• CN75 running Android OS 6.0 - Update CommonES to 4.02.00.4082 or later; Update ECP to Version 2.30.00.0167 or later (if applicable)
• CN75e running Android OS 6.0 - Update CommonES to 4.02.00.4082 or later; Update ECP to Version 2.30.00.0167 or later (if applicable)
• CT50 running Android OS 6.0 - Update to CommonES 4.01.00.4134 or later; Update ECP to Version 2.30.00.0167 or later (if applicable)
• D75e running Android OS 6.0 - Update to CommonES 4.01.00.4134 or later; Update ECP to Version 2.30.00.0167 or later (if applicable)
• CT50 running Android OS 4.4 - Update to CommonES 3.17.3445 or later
• D75e running Android OS 4.4 - Update to CommonES 3.17.3445 or later
• CN51 running Android OS 6.0 - Update to CommonES 4.01.03.3992 or later; Update ECP to Version 2.30.00.0167 or later (if applicable)
• EDA50k running Android OS 4.4 - Update to CommonES 3.17.3321.10 or later, release will be available: 9/21/2018
• EDA50 running Android OS 7.1 - Update to CommonES 5.01.01.4217 or later, release will be available: 9/17/2018
• EDA50k running Android OS 7.1 - Update to CommonES 5.01.01.4217 or later, release will be available: 9/17/2018
• EDA70 running Android OS 7.1 - Update to CommonES 5.01.01.4217 or later, release will be available: 9/17/2018
• EDA60k running Android OS 7.1 - (non-GMS) Upgrade to Android OS release 206.01.00.0018 or later; Update ECP to Version 2.30.00.0167 or later, release will be available: 9/17/2018
• EDA51 running Android OS 8.1 - Update to CommonES 6.02.01.4593, release will be available: 9/17/2018
• Honeywell always recommends the whitelisting of trusted applications to limit risk from malicious apps being installed on the device. Please see the Android Network and Security Guide for additional information:
• For assistance with this vulnerability, please contact Honeywell through product support.

Affected Vendors

Affected Products (17)

Affected Sectors

Commercial Facilities, Critical Manufacturing, Energy, Healthcare and Public Health