Experion
by Honeywell
CVEs (21)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-2523 | | Cri | 0.61 | 9.4 | 0.01 | | Jul 10, 2025 | The Honeywell Experion PKS and OneWireless WDM contains an Integer Underflow vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to a Communication Channel Manipulation, which could result in a… |
| CVE-2025-2521 | | Hig | 0.56 | 8.6 | 0.00 | | Jul 10, 2025 | The Honeywell Experion PKS and OneWireless WDM contains a Memory Buffer vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to an Overread Buffers, which could result in improper index validation against… |
| CVE-2025-3947 | | Hig | 0.53 | 8.2 | 0.00 | | Jul 10, 2025 | The Honeywell Experion PKS contains an Integer Underflow vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to Input Data Manipulation, which could result in improper integer data value checking… |
| CVE-2025-3946 | | Hig | 0.53 | 8.2 | 0.00 | | Jul 10, 2025 | The Honeywell Experion PKS and OneWireless WDM contains a Deployment of Wrong Handler vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to Input Data Manipulation, which could result in… |
| CVE-2025-2520 | | Hig | 0.49 | 7.5 | 0.00 | | Jul 10, 2025 | The Honeywell Experion PKS contains an Uninitialized Variable in the common Epic Platform Analyzer (EPA) communications. An attacker could potentially exploit this vulnerability, leading to a Communication Channel Manipulation, which results in a dereferencing of an… |
| CVE-2025-2522 | | Med | 0.42 | 6.5 | 0.00 | | Jul 10, 2025 | The Honeywell Experion PKS and OneWireless WDM contains Sensitive Information in Resource vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to a Communication Channel Manipulation, which could result… |
| CVE-2023-25948 | | | 0.00 | — | 0.00 | | Jul 13, 2023 | Server information leak of configuration data when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning. |
| CVE-2023-25078 | | | 0.00 | — | 0.01 | | Jul 13, 2023 | Server or Console Station DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation. See Honeywell Security Notification for recommendations on upgrading and versioning. |
| CVE-2023-24474 | | | 0.00 | — | 0.01 | | Jul 13, 2023 | Experion server may experience a DoS due to a heap overflow which could occur when handling a specially crafted message |
| CVE-2023-23585 | | | 0.00 | — | 0.01 | | Jul 13, 2023 | Experion server DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation. See Honeywell Security Notification for recommendations on upgrading and versioning. |
| CVE-2023-22435 | | | 0.00 | — | 0.01 | | Jul 13, 2023 | Experion server may experience a DoS due to a stack overflow when handling a specially crafted message. |
| CVE-2021-38397 | | | 0.00 | — | 0.01 | | Oct 28, 2022 | Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition. |
| CVE-2021-38395 | | | 0.00 | — | 0.01 | | Oct 28, 2022 | Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition. |
| CVE-2021-38399 | | | 0.00 | — | 0.01 | | Oct 28, 2022 | Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to relative path traversal, which may allow an attacker access to unauthorized files and directories. |
| CVE-2022-30317 | | | 0.00 | — | 0.01 | | Aug 31, 2022 | Honeywell Experion LX through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0055, there is a Honeywell Experion LX Control Data Access (CDA) EpicMo protocol with unauthenticated functionality issue. The affected components are… |
| CVE-2014-5435 | | | 0.00 | — | 0.03 | | Apr 8, 2019 | An arbitrary memory write vulnerability exists in the dual_onsrv.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, that could lead to possible remote code execution or denial of service. Honeywell strongly encourages and… |
| CVE-2014-5436 | | | 0.00 | — | 0.03 | | Apr 8, 2019 | A directory traversal vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to possible information disclosure. Honeywell strongly encourages and recommends all customers running… |
| CVE-2014-9186 | | | 0.00 | — | 0.04 | | Apr 8, 2019 | A file inclusion vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to accepting an arbitrary file into the function, and potential information disclosure or remote code… |
| CVE-2014-9187 | | | 0.00 | — | 0.04 | | Mar 25, 2019 | Multiple heap-based buffer overflow vulnerabilities exist in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules, which could lead to possible remote code execution or denial of service. Honeywell strongly… |
| CVE-2014-9189 | | | 0.00 | — | 0.05 | | Mar 25, 2019 | Multiple stack-based buffer overflow vulnerabilities were found in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules that could lead to possible remote code execution, dynamic memory corruption, or denial… |
Page 1 of 2