CVE-2025-2522: CWE-226 Sensitive Information in Resource Not Removed Before Reuse in Honeywell C300 PCNT02
Honeywell Experion PKS and OneWireless WDM contain a Sensitive Information in Resource Not Removed Before Reuse vulnerability in the Control Data Access (CDA) component. An attacker could potentially exploit this vulnerability to perform communication channel manipulation, which could result in buffer reuse and, in turn, incorrect system behavior. Honeywell recommends updating to the most recent versions: Experion PKS 520.2 TCU9 HF1 and 530.1 TCU3 HF1, and OneWireless WDM 322.5 and 331.1. The affected Experion PKS products are C300, FIM4, FIM8, UOC, CN100, HCA, C300PM, and C200E. The affected Experion PKS versions are 520.1 before 520.2 TCU9 HF1 and 530 before 530 TCU3. The affected OneWireless WDM versions are 322.1 through 322.4 and 330.1 through 330.3.
AI Analysis
Technical Summary
CVE-2025-2522 is a medium-severity vulnerability in Honeywell's Experion PKS and OneWireless WDM, located in the Control Data Access (CDA) component. It is classified as CWE-226 (Sensitive Information in Resource Not Removed Before Reuse): a buffer is handed back into service while it still holds data from its previous use. Per the advisory, an attacker who can manipulate the CDA communication channel can trigger such buffer reuse, so stale contents may be disclosed or acted upon, producing incorrect system behavior. Affected versions are Experion PKS 520.1 before 520.2 TCU9 HF1 and 530 before 530 TCU3, and OneWireless WDM 322.1 through 322.4 and 330.1 through 330.3; the affected Experion PKS hardware is C300, FIM4, FIM8, UOC, CN100, HCA, C300PM, and C200E. The published CVSS 3.1 vector fragment (AV:N/AC:L/PR:N/UI:N) indicates network-reachable exploitation with low complexity and no authentication or user interaction. The impact is primarily to confidentiality and integrity: leaked buffer contents can inform further attacks, and reuse of stale data can drive unintended control behavior. Honeywell recommends updating to the fixed versions named in the description above. No exploitation in the wild has been reported, but a network-reachable flaw in process-control components warrants prompt attention.
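The advisory does not disclose how CDA manages its buffers, so the following C program is an added illustration of the CWE-226 pattern in general, not Honeywell code. It models a fixed-size frame slot recycled between messages: the vulnerable acquire path hands the slot out with its old contents intact, so the unused tail of the next fixed-length frame carries bytes of the previous message onto the wire; the hardened path scrubs the slot on every acquire. The frame size, the pool, and the sample messages are all constructed for the demo.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FRAME_LEN 64  /* fixed on-the-wire frame size (assumed for the demo) */

/* A frame buffer that a transport layer recycles between messages. Only
   `used` bytes are meaningful, but a fixed-size frame ships all FRAME_LEN. */
typedef struct {
    uint8_t data[FRAME_LEN];
    size_t  used;
} frame_t;

static frame_t pool_slot;  /* one recycled slot stands in for a buffer pool */

/* CWE-226 pattern: the slot is handed out again with its old contents intact. */
static frame_t *acquire_frame_vuln(void)
{
    pool_slot.used = 0;
    return &pool_slot;
}

/* Hardened variant: scrub through a volatile pointer so the compiler cannot
   drop the clearing as a dead store, then hand out the slot. */
static void scrub_frame(frame_t *f)
{
    volatile uint8_t *p = f->data;
    for (size_t i = 0; i < FRAME_LEN; i++)
        p[i] = 0;
    f->used = 0;
}

static frame_t *acquire_frame_fixed(void)
{
    scrub_frame(&pool_slot);
    return &pool_slot;
}

/* Copy a payload into the frame; anything past `used` is left untouched. */
static void fill_frame(frame_t *f, const uint8_t *payload, size_t n)
{
    if (n > FRAME_LEN)
        n = FRAME_LEN;
    memcpy(f->data, payload, n);
    f->used = n;
}

/* Count bytes of `secret` still present, at their original offsets, in the
   part of the frame that the current message did not overwrite. */
static size_t leaked_bytes(const frame_t *f, const uint8_t *secret, size_t secret_len)
{
    size_t hits = 0;
    for (size_t i = f->used; i < FRAME_LEN && i < secret_len; i++)
        if (f->data[i] == secret[i])
            hits++;
    return hits;
}

/* Push two messages through one recycled frame and report how many bytes of
   the first (sensitive) message ride along in the second frame's tail.
   use_fix != 0 selects the scrubbing acquire path. */
size_t simulate_reuse(int use_fix)
{
    /* Constructed sample data; not a real Experion/CDA message. */
    static const uint8_t secret[]   = "OPERATOR-SESSION-TOKEN-7f3a9c1e2b";
    static const uint8_t next_msg[] = "SETPOINT";
    const size_t secret_len = sizeof secret - 1;   /* drop the NUL */
    frame_t *f;

    f = use_fix ? acquire_frame_fixed() : acquire_frame_vuln();
    fill_frame(f, secret, secret_len);
    /* ... frame transmitted, then returned to the pool ... */

    f = use_fix ? acquire_frame_fixed() : acquire_frame_vuln();
    fill_frame(f, next_msg, sizeof next_msg - 1);
    /* On the wire: all FRAME_LEN bytes, only `used` of them intentional. */
    return leaked_bytes(f, secret, secret_len);
}

int main(void)
{
    printf("prior-message bytes leaked, no scrub: %zu\n", simulate_reuse(0));
    printf("prior-message bytes leaked, scrubbed: %zu\n", simulate_reuse(1));
    return 0;
}
```

With a 33-byte first message and an 8-byte second message, the unscrubbed path leaks the 25 bytes the second message did not overwrite; the scrubbed path leaks none. A complementary fix is to transmit only `used` bytes, but fixed-length control-protocol frames often cannot shrink, so clearing on release (or acquire) is the safe default. The volatile loop is used because `explicit_bzero` and `memset_s` are not available on every embedded toolchain; where they are, prefer them.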
Potential Impact
For European organizations operating critical infrastructure such as energy, manufacturing, or utilities on Honeywell Experion PKS and OneWireless WDM, this vulnerability poses a significant risk. Stale buffer contents returned over the CDA channel could reveal operational parameters or credentials, and reuse of that stale data could cause incorrect controller behavior and disrupt industrial processes. Such disruptions could lead to operational downtime, safety hazards, or regulatory non-compliance under frameworks like NIS2, and exposure of operational data to threat actors or competitors could cause financial and reputational damage. Because the reported vector is network-reachable without authentication, any CDA-facing interface exposed beyond the control network is a target, so the risk scales with how poorly systems are segmented and how long they remain unpatched.
Mitigation Recommendations
European organizations should immediately inventory their Honeywell Experion PKS and OneWireless WDM deployments to identify affected versions and hardware (C300, FIM4, FIM8, UOC, CN100, HCA, C300PM, C200E). The primary mitigation is to apply the vendor-recommended updates: Experion PKS 520.2 TCU9 HF1 or later for the 520 line and 530.1 TCU3 HF1 or later for the 530 line, and OneWireless WDM 322.5 or 331.1 or later. Enforce network segmentation so that control-system networks, and the CDA interfaces in particular, are not reachable from general IT networks or the internet. Apply strict access controls and monitoring on those communication channels to detect anomalies that could indicate channel manipulation. Conduct regular security audits and vulnerability assessments of the ICS environment, and deploy intrusion detection tuned for industrial protocols to flag suspicious traffic toward controllers. Finally, maintain an ICS-specific incident response plan so that any exploitation attempt can be contained quickly.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Poland, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Honeywell
- Date Reserved: 2025-03-19T13:57:30.424Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68701f8ba83201eaaca99fe3
Added to database: 7/10/2025, 8:16:11 PM
Last enriched: 8/5/2025, 12:36:53 AM
Last updated: 8/15/2025, 5:00:14 AM