CVE-2025-3946
BaseFortify
Publication date: 2025-07-10
Last updated on: 2025-07-15
Assigner: Honeywell International Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| honeywell | experion_pks | 520.2 |
| honeywell | onewireless | 322.1 |
| honeywell | onewireless | 322.4 |
| honeywell | experion_pks | 520.1 |
| honeywell | experion_pks | 530 |
| honeywell | onewireless | 330.1 |
| honeywell | experion_pks | 530.1_tcu3_hf1 |
| honeywell | onewireless | 331.1 |
| honeywell | onewireless | 330.3 |
| honeywell | experion_pks | 520.2_tcu9_hf1 |
| honeywell | onewireless | 322.5 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-430 | The wrong "handler" is assigned to process an object. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Honeywell Experion PKS and OneWireless WDM products within the Control Data Access (CDA) component. It is caused by the deployment of a wrong handler, which an attacker could exploit to manipulate input data. This manipulation can lead to incorrect handling of packets and potentially result in remote code execution.
How can this vulnerability impact me? :
Exploitation of this vulnerability could allow an attacker to manipulate input data and execute remote code on affected systems. This could lead to unauthorized control over the system, disruption of operations, or other malicious activities impacting system integrity and availability.
What immediate steps should I take to mitigate this vulnerability?
Honeywell recommends updating to the most recent versions of Honeywell Experion PKS (520.2 TCU9 HF1 and 530.1 TCU3 HF1) and OneWireless WDM (322.5 and 331.1) to mitigate this vulnerability.