CVE-2025-2523 PUBLISHED

Lack of buffer clearing before reuse may result in incorrect system behavior.

Assigner: Honeywell
Reserved: 19.03.2025 Published: 10.07.2025 Updated: 10.07.2025

The Honeywell Experion PKS

and OneWireless WDM

contains an Integer Underflow

vulnerability

in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to a Communication Channel Manipulation, which could result in a failure during subtraction allowing remote code execution.

Honeywell recommends updating to the most recent version of

Honeywell Experion PKS:520.2 TCU9 HF1 and 530.1 TCU3 HF1 and OneWireless: 322.5 and 331.1.

The affected Experion PKS products are C300 PCNT02, C300 PCNT05, FIM4, FIM8, UOC, CN100, HCA, C300PM, and C200E. The Experion PKS versions affected are from 520.1 through 520.2 TCU9 and from 530 through 530 TCU3. The OneWireless WDM affected versions are 322.1 through 322.4 and 330.1 through 330.3.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
CVSS Score: 9.4

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	Low
Privileges Required	None	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	Honeywell
Product	C300 PCNT02
Versions	Default: unaffected affected from 520.1 to 520.2 TCU9 (incl.) affected from 530 to 530 TCU3 (incl.)

Vendor	Honeywell
Product	C300 PCNT05
Versions	Default: unaffected affected from 520.1 to 520.2 TCU9 (incl.) affected from 530 to 530 TCU3 (incl.)

Vendor	Honeywell
Product	FIM4
Versions	Default: unaffected affected from 520.1 to 520.2 TCU9 (incl.) affected from 530 to 530 TCU3 (incl.)

Vendor	Honeywell
Product	FIM8
Versions	Default: unaffected affected from 520.1 to 520.2 TCU9 (incl.) affected from 530 to 530 TCU3 (incl.)

Vendor	Honeywell
Product	UOC
Versions	Default: unaffected affected from 520.1 to 520.2 TCU9 (incl.) affected from 530 to 530 TCU3 (incl.)

Vendor	Honeywell
Product	CN100
Versions	Default: unaffected affected from 520.1 to 520.2 TCU9 (incl.) affected from 530 to 530 TCU3 (incl.)

Vendor	Honeywell
Product	HCA
Versions	Default: unaffected affected from 520.1 to 520.2 TCU9 (incl.) affected from 530 to 530 TCU3 (incl.)

Vendor	Honeywell
Product	C300PM
Versions	Default: unaffected affected from 520.1 to 520.2 TCU9 (incl.) affected from 530 to 530 TCU3 (incl.)

Vendor	Honeywell
Product	C200E
Versions	Default: unaffected affected from 520.1 to 520.2 TCU9 (incl.) affected from 530 to 530 TCU3 (incl.)

Vendor	Honeywell
Product	Wireless Device Manager
Versions	Default: unaffected affected from 322.1 to 322.4 (incl.) affected from 330.1 to 330.3 (incl.)

Credits

Positive Technologies finder

References

https://process.honeywell.com/

Problem Types

CWE-191 Integer Underflow (Wrap or Wraparound) CWE

Impacts

CAPEC-216 Communication Channel Manipulation