Sensitive Information Exposure in Honeywell Experion PKS and OneWireless WDM
CVE-2025-2522

6.5MEDIUM

Key Information:

Vendor: Honeywell
Status: C300 Pcnt02; C300 Pcnt05; Fim4; Fim8
Vendor: CVE Published:; 10 July 2025

What is CVE-2025-2522?

A vulnerability in Honeywell Experion PKS and OneWireless WDM allows sensitive information to be exposed through Control Data Access (CDA). Attackers may exploit this weakness to manipulate communication channels, potentially leading to buffer reuse and causing unexpected behavior in the system. Honeywell advises users to update to the latest versions of Experion PKS: 520.2 TCU9 HF1, 530.1 TCU3 HF1, and OneWireless: 322.5 and 331.1 to mitigate this risk.

Affected Version(s)

C200E Experion PKS 520.1 <= 520.2 TCU9

C200E Experion PKS 530 <= 530 TCU3

C300 PCNT02 Experion PKS 520.1 <= 520.2 TCU9

References

https://process.honeywell.com/

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 10, 2025
Vulnerability Reserved
Mar 19, 2025

Credit

Positive Technologies