OTPulse

Honeywell Mobile Computers with Android Operating Systems

CVSS 7.6 · ICS-CERT ICSA-18-256-01 · Sep 13, 2018
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

A privilege escalation vulnerability exists in the system service on multiple Honeywell mobile computers running Android OS (CK75, CT60, EDA50k, D75e, EDA51, CN51, CN75e, EDA50, CN75, CT40, CN80, EDA60k, EDA70, CT50). A malicious third-party application could exploit this vulnerability to gain elevated system privileges, allowing arbitrary command execution. The vulnerability requires user interaction (installation of the malicious app) but does not require valid credentials.

What this means
What could happen
A malicious app installed on these mobile computers could gain elevated privileges and run system-level commands, potentially allowing an attacker to steal data, modify settings, or disable the device remotely. This affects warehouse and field operations that depend on barcode scanning, inventory, and process monitoring.
Who's at risk
This affects organizations using Honeywell mobile computers for field operations, inventory management, and scanning tasks—particularly water utilities and electric utilities that rely on handheld barcode scanners for equipment maintenance, meter reading, and work order management. Affected models include the CT60, CN80, CT40, CK75, CN75, CT50, D75e, CN51, and all EDA series mobile computers.
How it could be exploited
An attacker distributes a malicious Android app through unofficial app stores or convinces a user to install it. Once installed, the app exploits a privilege escalation vulnerability in the system service to gain elevated privileges and run arbitrary commands with system-level access.
Prerequisites
  • User must install a malicious third-party application on the mobile computer
  • The mobile computer must be running one of the affected Honeywell models and Android OS versions listed
  • No authentication required to trigger the vulnerability
  • Low complexity exploitation
  • Affects mobile devices used in operations
  • No patch available for many affected product versions (end-of-life products)
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (17)
17 pending
Product                          Affected Versions   Fix Status
CK75 running Android OS: 6.0     6.0                 No fix yet
CT60 running Android OS: 7.1     7.1                 No fix yet
EDA50k running Android OS: 7.1   7.1                 No fix yet
D75e running Android OS: 4.4     4.4                 No fix yet
EDA51 running Android OS: 8.1    8.1                 No fix yet
Remediation & Mitigation
Do now
WORKAROUND: Enable application whitelisting on all affected mobile computers to allow only trusted applications to run
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update CT60 (GMS) to Android OS 84.00.11 or later; (non-GMS) to Android OS 83.00.11 or later
HOTFIX: Update CN80 (GMS) to Android OS 84.00.11 or later; (non-GMS) to Android OS 83.00.11 or later
HOTFIX: Update CT40 (GMS) to Android OS 84.00.11 or later; (non-GMS) to Android OS 83.00.11 or later
HOTFIX: Update CK75 CommonES to 4.02.00.4082 or later and ECP to Version 2.30.00.0167 or later if applicable
HOTFIX: Update CN75 CommonES to 4.02.00.4082 or later and ECP to Version 2.30.00.0167 or later if applicable
HOTFIX: Update CN75e CommonES to 4.02.00.4082 or later and ECP to Version 2.30.00.0167 or later if applicable
HOTFIX: Update CT50 (Android 6.0) CommonES to 4.01.00.4134 or later and ECP to Version 2.30.00.0167 or later if applicable
HOTFIX: Update CT50 (Android 4.4) CommonES to 3.17.3445 or later
HOTFIX: Update D75e (Android 6.0) CommonES to 4.01.00.4134 or later and ECP to Version 2.30.00.0167 or later if applicable
HOTFIX: Update D75e (Android 4.4) CommonES to 3.17.3445 or later
HOTFIX: Update CN51 CommonES to 4.01.03.3992 or later and ECP to Version 2.30.00.0167 or later if applicable
HOTFIX: Update EDA50k (Android 4.4) CommonES to 3.17.3321.10 or later
HOTFIX: Update EDA50 (Android 7.1) CommonES to 5.01.01.4217 or later
HOTFIX: Update EDA50k (Android 7.1) CommonES to 5.01.01.4217 or later
HOTFIX: Update EDA70 CommonES to 5.01.01.4217 or later
HOTFIX: Update EDA60k (non-GMS) to Android OS 206.01.00.0018 or later and ECP to Version 2.30.00.0167 or later
HOTFIX: Update EDA51 CommonES to 6.02.01.4593 or later
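As an added example (not OTPulse's or Honeywell's code), the hotfix list above encoded as a minimum-version table and applied to a constructed device inventory, reporting which records are at or above the fixed build; the component key names (android, commones, ecp), the variant labels and the inventory records are assumptions.

```python
# Added example, not OTPulse or Honeywell code: triage a constructed device inventory against the
# HOTFIX versions in this advisory. The component keys (android, commones, ecp) are assumed names.
A_GMS, A_NON = {"android": "84.00.11"}, {"android": "83.00.11"}
CE402 = {"commones": "4.02.00.4082", "ecp": "2.30.00.0167"}
CE401 = {"commones": "4.01.00.4134", "ecp": "2.30.00.0167"}
CE317, CE501 = {"commones": "3.17.3445"}, {"commones": "5.01.01.4217"}
FIXED = {  # minimum fixed versions keyed by (model, variant); every listed component must be met
    ("CT60", "GMS"): A_GMS, ("CT60", "non-GMS"): A_NON,
    ("CN80", "GMS"): A_GMS, ("CN80", "non-GMS"): A_NON,
    ("CT40", "GMS"): A_GMS, ("CT40", "non-GMS"): A_NON,
    ("CK75", ""): CE402, ("CN75", ""): CE402, ("CN75e", ""): CE402,
    ("CT50", "Android 6.0"): CE401, ("CT50", "Android 4.4"): CE317,
    ("D75e", "Android 6.0"): CE401, ("D75e", "Android 4.4"): CE317,
    ("CN51", ""): {"commones": "4.01.03.3992", "ecp": "2.30.00.0167"},
    ("EDA50k", "Android 4.4"): {"commones": "3.17.3321.10"},
    ("EDA50", "Android 7.1"): CE501, ("EDA50k", "Android 7.1"): CE501, ("EDA70", ""): CE501,
    ("EDA60k", "non-GMS"): {"android": "206.01.00.0018", "ecp": "2.30.00.0167"},
    ("EDA51", ""): {"commones": "6.02.01.4593"},
}

def at_least(have: str, need: str) -> bool:
    """Numeric dotted-build comparison: "4.10.00.0001" > "4.02.00.4082"; shorter builds pad with 0."""
    a, b = ([int(p) for p in v.split(".")] for v in (have, need))
    n = max(len(a), len(b))
    return a + [0] * (n - len(a)) >= b + [0] * (n - len(b))

def check_device(dev: dict) -> str:
    """Return 'fixed', 'vulnerable' or 'unknown' for one inventory record."""
    req = FIXED.get((dev["model"], dev.get("variant", "")))
    if req is None:
        return "unknown"  # model/variant pair is not in the advisory's hotfix list
    for comp, need in req.items():
        have = dev.get(comp)
        if have is None and comp == "ecp":
            continue  # the advisory requires the ECP update only "if applicable" (i.e. installed)
        if have is None or not at_least(have, need):
            return "unknown" if have is None else "vulnerable"
    return "fixed"

def triage(inventory: list) -> dict:
    return {d["id"]: check_device(d) for d in inventory}

# Constructed inventory records for illustration; ids and builds are made up.
INVENTORY = [
    {"id": "hh-01", "model": "CT60", "variant": "GMS", "android": "84.00.11"},
    {"id": "hh-02", "model": "CT60", "variant": "non-GMS", "android": "82.03.01"},
    {"id": "hh-03", "model": "CK75", "commones": "4.02.00.4082", "ecp": "2.29.00.0200"},
    {"id": "hh-04", "model": "CN75", "commones": "4.10.00.0001"},
    {"id": "hh-05", "model": "CT50", "android": "6.0", "commones": "4.01.00.4134"},
]
```

A record without the variant the advisory keys on (hh-05) is reported as unknown rather than fixed, so the inventory must capture GMS/non-GMS and the Android generation before it can be used for this check.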
Long-term hardening
HARDENING: Restrict network access to affected mobile computers; segment them from direct internet exposure and isolate them from the main business network
HARDENING: Establish a policy prohibiting installation of third-party applications from unofficial sources