CVSS: 8.5EPSS: 0%CPEs: 18EXPL: 0CVE-2025-3947 – Integer underflow during processing of short network packets in CDA FTEB responder
https://notcve.org/view.php?id=CVE-2025-3947
10 Jul 2025 — The Honeywell Experion PKS contains an Integer Underflow vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to Input Data Manipulation, which could result in improper integer data value checking during subtraction leading to a denial of service. Honeywell recommends updating to the most recent version of Honeywell Experion PKS:520.2 TCU9 HF1 and 530.1 TCU3 HF1. The affected Experion PKS products are C300 PCNT02, C300 PCNT05, FIM4, FIM8... • https://process.honeywell.com • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 8.5EPSS: 0%CPEs: 20EXPL: 0CVE-2025-3946 – Incorrect response generation during FTEB protocol processing
https://notcve.org/view.php?id=CVE-2025-3946
10 Jul 2025 — The Honeywell Experion PKS and OneWireless WDM contains a Deployment of Wrong Handler vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to Input Data Manipulation, which could result in incorrect handling of packets leading to remote code execution. Honeywell recommends updating to the most recent version of Honeywell Experion PKS:520.2 TCU9 HF1 and 530.1 TCU3 HF1 and OneWireless: 322.5 and 331.1. The affected Experion PKS products ar... • https://process.honeywell.com • CWE-430: Deployment of Wrong Handler •
CVSS: 9.7EPSS: 0%CPEs: 20EXPL: 0CVE-2025-2523 – Lack of buffer clearing before reuse may result in incorrect system behavior.
https://notcve.org/view.php?id=CVE-2025-2523
10 Jul 2025 — The Honeywell Experion PKS and OneWireless WDM contains an Integer Underflow vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to a Communication Channel Manipulation, which could result in a failure during subtraction allowing remote code execution. Honeywell recommends updating to the most recent version of Honeywell Experion PKS:520.2 TCU9 HF1 and 530.1 TCU3 HF1 and OneWireless: 322.5 and 331.1. The affected Experion PKS products a... • https://process.honeywell.com • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 6.5EPSS: 0%CPEs: 20EXPL: 0CVE-2025-2522 – Lack of buffer clearing before reuse may result in incorrect system behavior.
https://notcve.org/view.php?id=CVE-2025-2522
10 Jul 2025 — The Honeywell Experion PKS and OneWireless WDM contains Sensitive Information in Resource vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to a Communication Channel Manipulation, which could result in buffer reuse which may cause incorrect system behavior. Honeywell also recommends updating to the most recent version of Honeywell Experion PKS:520.2 TCU9 HF1 and 530.1 TCU3 HF1 and OneWireless: 322.5 and 331.1. The affected Experion P... • https://process.honeywell.com • CWE-226: Sensitive Information in Resource Not Removed Before Reuse •
CVSS: 9.0EPSS: 0%CPEs: 20EXPL: 0CVE-2025-2521 – Lack of indexes’ validation against buffer borders leads to remote code execution.
https://notcve.org/view.php?id=CVE-2025-2521
10 Jul 2025 — The Honeywell Experion PKS and OneWireless WDM contains a Memory Buffer vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to an Overread Buffers, which could result in improper index validation against buffer borders leading to remote code execution. Honeywell recommends updating to the most recent version of Honeywell Experion PKS: 520.2 TCU9 HF1 and 530.1 TCU3 HF1 and OneWireless: 322.5 and 331.1. The affected Experion PKS products ... • https://process.honeywell.com • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 0CVE-2021-38397 – Honeywell Experion PKS and ACE Controllers Unrestricted Upload of File with Dangerous Type
https://notcve.org/view.php?id=CVE-2021-38397
28 Oct 2022 — Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition. Los controladores Honeywell Experion PKS C200, C200E, C300 y ACE son vulnerables a la carga de archivos sin restricciones, lo que puede permitir a un atacante ejecutar código arbitrario de forma remota y provocar una condición de Denegación de Servicio. • https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 0CVE-2021-38395 – Honeywell Experion PKS and ACE Controllers Injection
https://notcve.org/view.php?id=CVE-2021-38395
28 Oct 2022 — Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition. Los controladores Honeywell Experion PKS C200, C200E, C300 y ACE son vulnerables a una neutralización inadecuada de elementos especiales en la salida, lo que puede permitir a un atacante ejecutar código arbitrario de forma remota y provocar una condición de Denegación de S... • https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-38399 – Honeywell Experion PKS and ACE Controllers Relative Path Traversal
https://notcve.org/view.php?id=CVE-2021-38399
28 Oct 2022 — Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to relative path traversal, which may allow an attacker access to unauthorized files and directories. Los controladores Honeywell Experion PKS C200, C200E, C300 y ACE son vulnerables al Path Traversal relativa, lo que puede permitir que un atacante acceda a archivos y directorios no autorizados. • https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •