CVSS: 8.5EPSS: 0%CPEs: 18EXPL: 0CVE-2025-3947 – Integer underflow during processing of short network packets in CDA FTEB responder
https://notcve.org/view.php?id=CVE-2025-3947
10 Jul 2025 — The Honeywell Experion PKS contains an Integer Underflow vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to Input Data Manipulation, which could result in improper integer data value checking during subtraction leading to a denial of service. Honeywell recommends updating to the most recent version of Honeywell Experion PKS:520.2 TCU9 HF1 and 530.1 TCU3 HF1. The affected Experion PKS products are C300 PCNT02, C300 PCNT05, FIM4, FIM8... • https://process.honeywell.com • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 8.5EPSS: 0%CPEs: 20EXPL: 0CVE-2025-3946 – Incorrect response generation during FTEB protocol processing
https://notcve.org/view.php?id=CVE-2025-3946
10 Jul 2025 — The Honeywell Experion PKS and OneWireless WDM contains a Deployment of Wrong Handler vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to Input Data Manipulation, which could result in incorrect handling of packets leading to remote code execution. Honeywell recommends updating to the most recent version of Honeywell Experion PKS:520.2 TCU9 HF1 and 530.1 TCU3 HF1 and OneWireless: 322.5 and 331.1. The affected Experion PKS products ar... • https://process.honeywell.com • CWE-430: Deployment of Wrong Handler •
CVSS: 9.7EPSS: 0%CPEs: 20EXPL: 0CVE-2025-2523 – Lack of buffer clearing before reuse may result in incorrect system behavior.
https://notcve.org/view.php?id=CVE-2025-2523
10 Jul 2025 — The Honeywell Experion PKS and OneWireless WDM contains an Integer Underflow vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to a Communication Channel Manipulation, which could result in a failure during subtraction allowing remote code execution. Honeywell recommends updating to the most recent version of Honeywell Experion PKS:520.2 TCU9 HF1 and 530.1 TCU3 HF1 and OneWireless: 322.5 and 331.1. The affected Experion PKS products a... • https://process.honeywell.com • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 6.5EPSS: 0%CPEs: 20EXPL: 0CVE-2025-2522 – Lack of buffer clearing before reuse may result in incorrect system behavior.
https://notcve.org/view.php?id=CVE-2025-2522
10 Jul 2025 — The Honeywell Experion PKS and OneWireless WDM contains Sensitive Information in Resource vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to a Communication Channel Manipulation, which could result in buffer reuse which may cause incorrect system behavior. Honeywell also recommends updating to the most recent version of Honeywell Experion PKS:520.2 TCU9 HF1 and 530.1 TCU3 HF1 and OneWireless: 322.5 and 331.1. The affected Experion P... • https://process.honeywell.com • CWE-226: Sensitive Information in Resource Not Removed Before Reuse •
CVSS: 9.0EPSS: 0%CPEs: 20EXPL: 0CVE-2025-2521 – Lack of indexes’ validation against buffer borders leads to remote code execution.
https://notcve.org/view.php?id=CVE-2025-2521
10 Jul 2025 — The Honeywell Experion PKS and OneWireless WDM contains a Memory Buffer vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to an Overread Buffers, which could result in improper index validation against buffer borders leading to remote code execution. Honeywell recommends updating to the most recent version of Honeywell Experion PKS: 520.2 TCU9 HF1 and 530.1 TCU3 HF1 and OneWireless: 322.5 and 331.1. The affected Experion PKS products ... • https://process.honeywell.com • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2025-2520 – Dereferencing of an uninitialized pointer leads to denial of service.
https://notcve.org/view.php?id=CVE-2025-2520
10 Jul 2025 — The Honeywell Experion PKS contains an Uninitialized Variable in the common Epic Platform Analyzer (EPA) communications. An attacker could potentially exploit this vulnerability, leading to a Communication Channel Manipulation, which results in a dereferencing of an uninitialized pointer leading to a denial of service. Honeywell recommends updating to the most recent version of Honeywell Experion PKS: 520.2 TCU9 HF1and 530.1 TCU3 HF1. The affected Experion PKS products are C300 PCNT02, EHB, EHPM, ELMM, Clas... • https://process.honeywell.com • CWE-457: Use of Uninitialized Variable •