CVE-2025-2523
Lack of buffer clearing before reuse may result in incorrect system behavior.
Public Exploits: 0
Exploited in Wild: -
Descriptions
The Honeywell Experion PKS and OneWireless WDM contain an Integer Underflow vulnerability in the Control Data Access (CDA) component. An attacker could potentially exploit this vulnerability, leading to a Communication Channel Manipulation, which could result in a failure during subtraction allowing remote code execution. Honeywell recommends updating to the most recent version of Honeywell Experion PKS: 520.2 TCU9 HF1 and 530.1 TCU3 HF1, and OneWireless: 322.5 and 331.1. The affected Experion PKS products are C300 PCNT02, C300 PCNT05, FIM4, FIM8, UOC, CN100, HCA, C300PM, and C200E. The Experion PKS versions affected are from 520.1 through 520.2 TCU9 and from 530 through 530 TCU3. The OneWireless WDM affected versions are 322.1 through 322.4 and 330.1 through 330.3.
CVSS Scores
SSVC
- Decision: Track
Timeline
- 2025-03-19 CVE Reserved
- 2025-07-10 CVE Published
- 2025-07-10 CVE Updated
- 2025-07-11 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-191: Integer Underflow (Wrap or Wraparound)
CAPEC
- CAPEC-216: Communication Channel Manipulation
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Honeywell | C300 PCNT02 | >= 520.1 <= 520.2 TCU9 | en | Affected
Honeywell | C300 PCNT02 | >= 530 <= 530 TCU3 | en | Affected
Honeywell | C300 PCNT05 | >= 520.1 <= 520.2 TCU9 | en | Affected
Honeywell | C300 PCNT05 | >= 530 <= 530 TCU3 | en | Affected
Honeywell | FIM4 | >= 520.1 <= 520.2 TCU9 | en | Affected
Honeywell | FIM4 | >= 530 <= 530 TCU3 | en | Affected
Honeywell | FIM8 | >= 520.1 <= 520.2 TCU9 | en | Affected
Honeywell | FIM8 | >= 530 <= 530 TCU3 | en | Affected
Honeywell | UOC | >= 520.1 <= 520.2 TCU9 | en | Affected
Honeywell | UOC | >= 530 <= 530 TCU3 | en | Affected
Honeywell | CN100 | >= 520.1 <= 520.2 TCU9 | en | Affected
Honeywell | CN100 | >= 530 <= 530 TCU3 | en | Affected
Honeywell | HCA | >= 520.1 <= 520.2 TCU9 | en | Affected
Honeywell | HCA | >= 530 <= 530 TCU3 | en | Affected
Honeywell | C300PM | >= 520.1 <= 520.2 TCU9 | en | Affected
Honeywell | C300PM | >= 530 <= 530 TCU3 | en | Affected
Honeywell | C200E | >= 520.1 <= 520.2 TCU9 | en | Affected
Honeywell | C200E | >= 530 <= 530 TCU3 | en | Affected
Honeywell | Wireless Device Manager | >= 322.1 <= 322.4 | en | Affected
Honeywell | Wireless Device Manager | >= 330.1 <= 330.3 | en | Affected