CVE-2025-2520

Summary

The Honeywell Experion PKS contains an Uninitialized Variable in the common Epic Platform Analyzer (EPA) communications. An attacker could potentially exploit this vulnerability, leading to a Communication Channel Manipulation, which results in a dereferencing of an uninitialized pointer leading to a denial of service.

Honeywell recommends updating to the most recent version of

Honeywell Experion PKS: 520.2 TCU9 HF1and 530.1 TCU3 HF1. The affected Experion PKS products are

C300 PCNT02, EHB, EHPM, ELMM, Classic ENIM, ETN, FIM4, FIM8, PGM, and RFIM. The Experion PKS versions affected are from 520.1 through 520.2 TCU9 and from 530 through 530 TCU3.

Affected Software

VendorProductVersion RangeStatus
HoneywellC300 PCNT02520.1 <= 520.2 TCU9affected
HoneywellC300 PCNT02530 <= 530 TCU3affected
HoneywellEHB520.1 <= 520.2 TCU9affected
HoneywellEHB530 <= 530 TCU3affected
HoneywellEHPM520.1 <= 520.2 TCU9affected
HoneywellEHPM530 <= 530 TCU3affected
HoneywellELMM520.1 <= 520.2 TCU9affected
HoneywellELMM530 <= 530 TCU3affected
HoneywellClassic ENIM520.1 <= 520.2 TCU9affected
HoneywellClassic ENIM530 <= 530 TCU3affected
HoneywellETN520.1 <= 520.2 TCU9affected
HoneywellETN530 <= 530 TCU3affected
HoneywellFIM4520.1 <= 520.2 TCU9affected
HoneywellFIM4530 <= 530 TCU3affected
HoneywellFIM8520.1 <= 520.2 TCU9affected
HoneywellFIM8530 <= 530 TCU3affected
HoneywellPGM520.1 <= 520.2 TCU9affected
HoneywellPGM530 <= 530 TCU3affected
HoneywellRFIM520.1 <= 520.2 TCU9affected
HoneywellRFIM530 <= 530 TCU3affected

Weaknesses

  • CWE-457: CWE-457 Use of Uninitialized Variable

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References