PT-2025-29159 · Honeywell · Experion Pks C200E+9
Positive Technologies · Published 2025-03-12 · Updated 2025-07-11 · CVE-2025-2522
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
Honeywell Experion PKS versions prior to 520.2 TCU9 HF1 and versions prior to 530 TCU3
Honeywell OneWireless WDM versions 322.1 through 322.4
Honeywell OneWireless WDM versions 330.1 through 330.3
Honeywell Experion PKS C300, FIM4, FIM8, UOC, CN100, HCA, C300PM, and C200E (affected versions not specified)
Description:
The Honeywell Experion PKS and OneWireless WDM contain a sensitive information vulnerability in the Control Data Access (CDA) component. An attacker could potentially exploit this issue, leading to communication channel manipulation and buffer reuse, which may cause incorrect system behavior.
Recommendations:
Honeywell Experion PKS versions prior to 520.2 TCU9 HF1: Update to version 520.2 TCU9 HF1.
Honeywell Experion PKS versions prior to 530 TCU3: Update to version 530 TCU3.
Honeywell OneWireless WDM versions 322.1 through 322.4: Update to version 322.5.
Honeywell OneWireless WDM versions 330.1 through 330.3: Update to version 331.1.
Affected Products
Experion Pks
Experion Pks C200E
Experion Pks C300
Experion Pks C300Pm
Experion Pks Cn100
Experion Pks Fim4
Experion Pks Fim8
Experion Pks Hca
Experion Pks Uoc
Onewireless Wdm