Skip to main content

Honeywell CVE-2026-4272

| EUVDEUVD-2026-19128 HIGH
Missing Authentication for Critical Function (CWE-306)
2026-04-05 psirt@honeywell.com
8.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.1 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Apr 05, 2026 - 22:22 euvd
EUVD-2026-19128
Analysis Generated
Apr 05, 2026 - 22:22 vuln.today
CVE Published
Apr 05, 2026 - 22:16 nvd
HIGH 8.1

DescriptionCVE.org

Missing Authentication for Critical Function vulnerability in Honeywell Handheld Scanners allows Authentication Abuse.This issue affects Handheld Scanners: from C1 Base(Ingenic x1000) before GK000432BAA, from D1 Base(Ingenic x1600) before HE000085BAA, from A1/B1 Base(IMX25) before BK000763BAA_BK000765BAA_CU000101BAA.

This vulnerability could allow a remote attacker within Bluetooth range of the scanner's base station has the capability to remotely execute system commands on the host connected to the base station without authentication. This issue has been assigned  CVE-2026-4272 https://nvd.nist.gov/vuln/detail/CVE-2026-4272 and rated with a severity of High. Honeywell strongly recommends that users upgrade to the latest version identified to resolve the vulnerability.

AnalysisAI

Remote unauthenticated command execution in Honeywell Handheld Scanner base stations (C1/D1/A1/B1 models) allows attackers within Bluetooth range to execute system commands on connected host systems without authentication. Affects C1 Base (Ingenic x1000) before GK000432BAA, D1 Base (Ingenic x1600) before HE000085BAA, and A1/B1 Base (IMX25) before BK000763BAA/BK000765BAA/CU000101BAA. CVSS 8.1 (High) reflects high confidentiality and integrity impact with network attack vector requiring user interaction. No public exploit identified at time of analysis, though the missing authentication (CWE-306) combined with proximity-based Bluetooth attack vector creates significant risk for environments using these industrial scanning devices.

Technical ContextAI

This vulnerability stems from missing authentication for critical functions (CWE-306) in the Bluetooth communication protocol between Honeywell handheld scanner base stations and connected host systems. The affected base stations use various embedded processors: C1 models use Ingenic x1000 SoCs, D1 models use Ingenic x1600 SoCs, and A1/B1 models use Freescale i.MX25 processors. The absence of authentication controls on critical command execution interfaces allows the base station to accept and relay system commands from unauthorized Bluetooth-capable devices within radio range (typically 10-100 meters depending on Bluetooth class). The vulnerability exploits the trust relationship between the scanner base and the connected host system, enabling attackers to leverage the base station as a command relay without presenting valid credentials.

RemediationAI

Honeywell has released patched firmware versions addressing this authentication bypass vulnerability. Organizations should immediately upgrade C1 Base scanners to firmware version GK000432BAA or later, D1 Base scanners to HE000085BAA or later, and A1/B1 Base scanners to BK000763BAA, BK000765BAA, or CU000101BAA as appropriate for their specific model. Firmware updates should be obtained through authorized Honeywell support channels or partner distributors. Until patches can be deployed, organizations should implement compensating controls including physically securing scanner base stations in controlled-access areas to limit Bluetooth proximity attacks, disabling Bluetooth functionality if alternative connectivity options exist, monitoring host systems connected to scanner bases for unauthorized command execution, and restricting base station deployments to isolated network segments where command execution cannot reach critical systems. Consult Honeywell PSIRT advisory at https://nvd.nist.gov/vuln/detail/CVE-2026-4272 for additional vendor-specific guidance and firmware acquisition procedures.

CVE-2013-0108 MEDIUM POC
6.8 Feb 24

An ActiveX control in HscRemoteDeploy.dll in Honeywell Enterprise Buildings Integrator (EBI) R310, R400.2, R410.1, and R

CVE-2015-0984 CRITICAL POC
10.0 Mar 31

Directory traversal vulnerability in the FTP server on Honeywell Excel Web XL1000C50 52 I/O, XL1000C100 104 I/O, XL1000C

CVE-2023-3710 CRITICAL POC
9.8 Sep 12

Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injec

CVE-2017-14263 HIGH
8.1 Sep 11

Honeywell NVR devices allow remote attackers to create a user account in the admin group by leveraging access to a guest

CVE-2017-5671 HIGH POC
8.8 Mar 29

Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x befo

CVE-2014-8269 HIGH
7.5 Dec 13

Multiple stack-based buffer overflows in (1) HWOPOSScale.ocx and (2) HWOPOSSCANNER.ocx in Honeywell OPOS Suite before 1.

CVE-2025-2605 CRITICAL
9.9 May 02

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Honeywell MB

CVE-2026-3611 CRITICAL
10.0 Mar 12

Unauthenticated access to Honeywell IQ4x building controller HMI. CVSS 10.0.

CVE-2017-5140 CRITICAL
9.8 Feb 13

An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-

CVE-2017-5139 CRITICAL
9.8 Feb 13

An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-

CVE-2023-25178 CRITICAL
9.8 Jul 13

Controller may be loaded with malicious firmware which could enable remote code execution. Rated critical severity (CVSS

CVE-2022-30318 CRITICAL
9.8 Aug 31

Honeywell ControlEdge through R151.1 uses Hard-coded Credentials. Rated critical severity (CVSS 9.8), this vulnerability

Share

CVE-2026-4272 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy