Memory Buffer Vulnerability in Honeywell Experion PKS and OneWireless WDM
CVE-2025-2521

8.6 HIGH

Key Information:

Vendor: Honeywell

CVE Published: 10 July 2025

What is CVE-2025-2521?

Honeywell's Experion PKS and OneWireless WDM systems contain a critical flaw in the Control Data Access (CDA) component, classified as a Memory Buffer vulnerability. Exploitation can lead to buffer overreads involving improper validation of an index against buffer boundaries. Successful exploitation could enable attackers to execute arbitrary code remotely. Honeywell urges users to upgrade to the latest versions to mitigate this risk.

Affected Version(s)

C200E Experion PKS 520.1 <= 520.2 TCU9

C200E Experion PKS 530 <= 530 TCU3

C300 PCNT02 Experion PKS 520.1 <= 520.2 TCU9

CVSS V3.1

Score: 8.6
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Positive Technologies