CVE-2025-2522
BaseFortify
Publication date: 2025-07-10
Last updated on: 2025-07-15
Assigner: Honeywell International Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| honeywell | onewireless | 322.1 |
| honeywell | experion_pks | 520.1 |
| honeywell | experion_pks | 530 |
| honeywell | onewireless | 330.1 |
| honeywell | onewireless | 331.1 |
| honeywell | experion_pks | 520.2_tcu9_hf1 |
| honeywell | onewireless | 322.5 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-226 | The product releases a resource such as memory or a file so that it can be made available for reuse, but it does not clear or "zeroize" the information contained in the resource before the product performs a critical state transition or makes the resource available for reuse by other entities. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Honeywell Experion PKS and OneWireless WDM involves sensitive information exposure in the Control Data Access (CDA) component. An attacker could exploit it to manipulate communication channels, potentially causing buffer reuse that may lead to incorrect system behavior.
How can this vulnerability impact me?
Exploitation of this vulnerability could allow an attacker to manipulate communication channels and cause buffer reuse, which may result in incorrect system behavior. This could affect the reliability and security of the affected Honeywell systems.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, Honeywell recommends updating to the most recent versions of the affected products: Honeywell Experion PKS versions 520.2 TCU9 HF1 and 530.1 TCU3 HF1, and OneWireless WDM versions 322.5 and 331.1.