Deployment of Incorrect Handler in Honeywell Experion PKS and OneWireless WDM
CVE-2025-3946

8.2HIGH

Key Information:

Vendor: Honeywell
Status: C300 Pcnt02; C300 Pcnt05; Fim4; Fim8
Vendor: CVE Published:; 10 July 2025

What is CVE-2025-3946?

The Honeywell Experion PKS and OneWireless WDM expose a vulnerability in the Control Data Access (CDA) component due to an improper deployment of a handler. This flaw allows attackers to manipulate input data, potentially leading to incorrect packet handling and the risk of remote code execution. To mitigate this risk, Honeywell advises updating to the latest software versions for Experion PKS and OneWireless WDM available on their platform.

Affected Version(s)

C200E Experion PKS 520.1 <= 520.2 TCU9

C200E Experion PKS 530 <= 530 TCU3

C300 PCNT02 Experion PKS 520.1 <= 520.2 TCU9

References

https://process.honeywell.com/

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 10, 2025
Vulnerability Reserved
Apr 25, 2025

Credit

Positive Technologies