PT-2025-29158 · Honeywell · FIM8 +10

Positive Technologies · Published 2025-03-12 · Updated 2025-07-11 · CVE-2025-2521

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:C
Name of the Vulnerable Software and Affected Versions:
Honeywell Experion PKS versions 520.1 through 520.2 TCU9
Honeywell Experion PKS versions 530 through 530 TCU3
Honeywell OneWireless WDM versions 322.1 through 322.4
Honeywell OneWireless WDM versions 330.1 through 330.3
Description: The Honeywell Experion PKS and OneWireless WDM contain a memory buffer vulnerability in the Control Data Access (CDA) component. This vulnerability could allow an attacker to perform an overread of buffers, potentially leading to improper index validation against buffer borders and resulting in remote code execution. The affected Experion PKS products are C300 PCNT02, C300 PCNT05, FIM4, FIM8, UOC, CN100, HCA, C300PM, and C200E.
Recommendations:
Honeywell Experion PKS versions 520.1 through 520.2 TCU9: Update to 520.2 TCU9 HF1.
Honeywell Experion PKS versions 530 through 530 TCU3: Update to 530.1 TCU3 HF1.
Honeywell OneWireless WDM versions 322.1 through 322.4: Update to 322.5.
Honeywell OneWireless WDM versions 330.1 through 330.3: Update to 331.1.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2025-06920
CVE-2025-2521

Affected Products

C200E
C300 PCNT02
C300 PCNT05
C300PM
CN100
Experion PKS
FIM4
FIM8
HCA
OneWireless WDM
UOC