Description
Missing Authentication for Critical Function vulnerability in Honeywell Handheld Scanners allows Authentication Abuse. This issue affects Handheld Scanners: from C1 Base (Ingenic x1000) before GK000432BAA, from D1 Base (Ingenic x1600) before HE000085BAA, from A1/B1 Base (IMX25) before BK000763BAA_BK000765BAA_CU000101BAA.

This vulnerability could allow a remote attacker within Bluetooth range of the scanner's base station to remotely execute system commands on the host connected to the base station without authentication. This issue has been assigned CVE-2026-4272 (https://nvd.nist.gov/vuln/detail/CVE-2026-4272) and rated with a severity of High. Honeywell strongly recommends that users upgrade to the latest version identified to resolve the vulnerability.
Published: 2026-04-05
Score: 8.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote execution of system commands via unauthenticated Bluetooth
Action: Immediate Patch
AI Analysis

Impact

A missing authentication flaw in Honeywell handheld barcode scanners permits an unauthenticated attacker with Bluetooth connectivity to send commands that are executed directly on the host computer. The vulnerability enables remote execution of system commands, allowing an attacker to alter data, read sensitive information, or disrupt services. This weakness is categorized as a missing authentication for a critical function (CWE‑306).

Affected Systems

Users of Honeywell barcode scanners are impacted if they operate models C1 Base (Ingenic x1000) with firmware before GK000432BAA, D1 Base (Ingenic x1600) with firmware before HE000085BAA, or A1/B1 Base (IMX25) with firmware before BK000763BAA, BK000765BAA, or CU000101BAA.

Risk and Exploitability

The vulnerability carries a CVSS score of 8.1, indicating a high severity level. No EPSS score is available and the issue is not listed in the CISA KEV catalog. An attacker only needs to be within Bluetooth range of the scanner’s base station and can exploit the flaw without any authentication. This means the potential attack surface is relatively simple, and the likelihood of exploitation is moderate to high. Successful exploitation could compromise the confidentiality, integrity, and availability of the host system connected to the scanner.

Generated by OpenCVE AI on April 6, 2026 at 00:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Honeywell scanners to the latest firmware for each affected model.
  • Disable or restrict Bluetooth connectivity on the scanner’s base station to prevent unauthorized access.
  • Apply any vendor‑issued security patches to the host system that interfaces with the scanner.
  • Monitor scanner and host logs for unauthorized Bluetooth communication and investigate anomalous command activity.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 00:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Honeywell; Honeywell barcode Scanners |
| Vendors & Products | | Honeywell; Honeywell barcode Scanners |

Mon, 06 Apr 2026 14:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Sun, 05 Apr 2026 22:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | Missing Authentication for Critical Function vulnerability in Honeywell Handheld Scanners allows Authentication Abuse. This issue affects Handheld Scanners: from C1 Base (Ingenic x1000) before GK000432BAA, from D1 Base (Ingenic x1600) before HE000085BAA, from A1/B1 Base (IMX25) before BK000763BAA_BK000765BAA_CU000101BAA. This vulnerability could allow a remote attacker within Bluetooth range of the scanner's base station to remotely execute system commands on the host connected to the base station without authentication. This issue has been assigned CVE-2026-4272 (https://nvd.nist.gov/vuln/detail/CVE-2026-4272) and rated with a severity of High. Honeywell strongly recommends that users upgrade to the latest version identified to resolve the vulnerability. |
| Title | | CVE-2026-4272 - Bluetooth Remote Execution of System Commands Vulnerability |
| Weaknesses | | CWE-306 |
| References | | |
| Metrics | | cvssV3_1: {'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N'} |


MITRE

Status: PUBLISHED

Assigner: Honeywell

Published:

Updated: 2026-04-06T14:01:35.115Z

Reserved: 2026-03-16T14:45:35.186Z

Link: CVE-2026-4272

Vulnrichment

Updated: 2026-04-06T14:01:25.873Z

NVD

Status: Awaiting Analysis

Published: 2026-04-05T22:16:01.697

Modified: 2026-04-07T13:20:35.010

Link: CVE-2026-4272

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-06T21:48:07Z

Weaknesses