How to fix CVE-2025-2523?

Within 24 hours: Inventory all Experion PKS and OneWireless WDM installations and identify which versions are deployed; isolate affected systems from untrusted networks if possible. Within 7 days: Contact Honeywell support for patch availability and testing guidance; begin change management process for critical systems. Within 30 days: Deploy patches to Experion PKS 520.2 TCU9 HF1, 530.1 TCU3 HF1, and OneWireless 322.5 or 331.1 across all affected hardware components (C300 PCNT02/05, FIM4/8, UOC, CN100, HCA, C300PM, C200E).

Is Honeywell affected by CVE-2025-2523?

A critical vulnerability (CVSS 9.4) in Honeywell Experion PKS and OneWireless WDM could allow remote attackers to execute code by manipulating communication channels through an integer underflow flaw.

CVE-2025-2523

EUVD-2025-21063 CRITICAL

2025-07-10 [email protected]

9.4

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 16, 2026 - 06:52 euvd

EUVD-2025-21063

Analysis Generated

Mar 16, 2026 - 06:52 vuln.today

CVE Published

Jul 10, 2025 - 21:15 nvd

CRITICAL 9.4

Description

The Honeywell Experion PKS and OneWireless WDM contains an Integer Underflow vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to a Communication Channel Manipulation, which could result in a failure during subtraction allowing remote code execution. Honeywell recommends updating to the most recent version of Honeywell Experion PKS:520.2 TCU9 HF1 and 530.1 TCU3 HF1 and OneWireless: 322.5 and 331.1. The affected Experion PKS products are C300 PCNT02, C300 PCNT05, FIM4, FIM8, UOC, CN100, HCA, C300PM, and C200E. The Experion PKS versions affected are from 520.1 through 520.2 TCU9 and from 530 through 530 TCU3. The OneWireless WDM affected versions are 322.1 through 322.4 and 330.1 through 330.3.

Analysis

A remote code execution vulnerability in Honeywell Experion PKS and OneWireless WDM (CVSS 9.4). Critical severity with potential for significant impact on affected systems.

Technical Context

CWE-191 (Integer Underflow). CVSS 9.4 indicates critical severity with likely remote exploitation vector. Affects Honeywell Experion PKS and OneWireless WDM.

Affected Products

['Honeywell Experion PKS and OneWireless WDM']

Remediation

Monitor vendor channels for patch availability.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.4

CVSS: +47

POC: 0

CVE-2025-2523 vulnerability details – vuln.today

Back

CVE-2025-2523

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-2523

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code