CVE-2025-2521
Description
Honeywell Experion PKS and OneWireless WDM contain a memory buffer vulnerability in the Control Data Access (CDA) component. An attacker could potentially exploit this vulnerability to cause a buffer overread, which could result in improper index validation against buffer borders, leading to remote code execution.
Honeywell recommends updating to the most recent version of Honeywell Experion PKS (520.2 TCU9 HF1 and 530.1 TCU3 HF1) and OneWireless (322.5 and 331.1).
The affected Experion PKS products are C300 PCNT02, C300 PCNT05, FIM4, FIM8, UOC, CN100, HCA, C300PM, and C200E. The Experion PKS versions affected are from 520.1 through 520.2 TCU9 and from 530 through 530 TCU3. The OneWireless WDM affected versions are 322.1 through 322.4 and 330.1 through 330.3.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A memory buffer vulnerability in the Control Data Access component of Honeywell Experion PKS and OneWireless WDM can lead to remote code execution.
Vulnerability Overview
The vulnerability resides in the Control Data Access (CDA) component of Honeywell Experion PKS and OneWireless WDM systems. It is described as a Memory Buffer vulnerability that permits an overread of buffers. This occurs due to improper validation of indices against buffer borders, which can be exploited to cause memory corruption [1].
Attack Vector and Prerequisites
An attacker with network access to the affected components can exploit this flaw without requiring authentication. The CDA component is integral to data access in process automation environments, making the attack surface available to anyone able to reach the device on the network. The vulnerability is rated High with a CVSS v3 score of 8.6, indicating significant ease of exploitation and potential for serious impact.
Impact on Systems
Successful exploitation allows an attacker to achieve remote code execution on the affected device. This could give the attacker full control over the industrial control system component, potentially disrupting critical processes or causing physical damage. The affected products include multiple Experion PKS controllers (C300 PCNT02, C300 PCNT05, FIM4, FIM8, UOC, CN100, HCA, C300PM, C200E) running versions from 520.1 through 520.2 TCU9 and 530 through 530 TCU3, as well as OneWireless WDM versions 322.1 through 322.4 and 330.1 through 330.3.
Mitigation and Remediation
Honeywell has released patched versions to address this vulnerability. Users should upgrade Experion PKS to 520.2 TCU9 HF1 or 530.1 TCU3 HF1, and OneWireless WDM to version 322.5 or 331.1. There are no workarounds mentioned, so applying the updates is the only recommended mitigation [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.