Vulnerabilites related to Honeywell - ELMM
CVE-2025-2520 (GCVE-0-2025-2520)
Vulnerability from cvelistv5
Published
2025-07-10 19:54
Modified
2025-08-04 19:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-457 - Use of Uninitialized Variable
Summary
The Honeywell Experion PKS contains an Uninitialized Variable in the common Epic Platform Analyzer (EPA) communications. An attacker could potentially exploit this vulnerability, leading to a Communication Channel Manipulation, which results in a dereferencing of an uninitialized pointer leading to a denial of service.
Honeywell recommends updating to the most recent version of
Honeywell Experion PKS: 520.2 TCU9 HF1and 530.1 TCU3 HF1. The affected Experion PKS products are
C300 PCNT02, EHB, EHPM, ELMM, Classic ENIM, ETN, FIM4, FIM8, PGM, and RFIM. The Experion PKS versions affected are from 520.1 through 520.2 TCU9 and from 530 through 530 TCU3.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Honeywell | C300 PCNT02 |
Version: 520.1 ≤ 520.2 TCU9 Version: 530 ≤ 530 TCU3 |
||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2520",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-10T20:33:19.670618Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T20:33:30.482Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Experion PKS"
],
"product": "C300 PCNT02",
"vendor": "Honeywell",
"versions": [
{
"lessThanOrEqual": "520.2 TCU9",
"status": "affected",
"version": "520.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "530 TCU3",
"status": "affected",
"version": "530",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Experion PKS"
],
"product": "EHB",
"vendor": "Honeywell",
"versions": [
{
"lessThanOrEqual": "520.2 TCU9",
"status": "affected",
"version": "520.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "530 TCU3",
"status": "affected",
"version": "530",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Experion PKS"
],
"product": "EHPM",
"vendor": "Honeywell",
"versions": [
{
"lessThanOrEqual": "520.2 TCU9",
"status": "affected",
"version": "520.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "530 TCU3",
"status": "affected",
"version": "530",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Experion PKS"
],
"product": "ELMM",
"vendor": "Honeywell",
"versions": [
{
"lessThanOrEqual": "520.2 TCU9",
"status": "affected",
"version": "520.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "530 TCU3",
"status": "affected",
"version": "530",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Experion PKS"
],
"product": "Classic ENIM",
"vendor": "Honeywell",
"versions": [
{
"lessThanOrEqual": "520.2 TCU9",
"status": "affected",
"version": "520.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "530 TCU3",
"status": "affected",
"version": "530",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Experion PKS"
],
"product": "ETN",
"vendor": "Honeywell",
"versions": [
{
"lessThanOrEqual": "520.2 TCU9",
"status": "affected",
"version": "520.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "530 TCU3",
"status": "affected",
"version": "530",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Experion PKS"
],
"product": "FIM4",
"vendor": "Honeywell",
"versions": [
{
"lessThanOrEqual": "520.2 TCU9",
"status": "affected",
"version": "520.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "530 TCU3",
"status": "affected",
"version": "530",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Experion PKS"
],
"product": "FIM8",
"vendor": "Honeywell",
"versions": [
{
"lessThanOrEqual": "520.2 TCU9",
"status": "affected",
"version": "520.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "530 TCU3",
"status": "affected",
"version": "530",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Experion PKS"
],
"product": "PGM",
"vendor": "Honeywell",
"versions": [
{
"lessThanOrEqual": "520.2 TCU9",
"status": "affected",
"version": "520.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "530 TCU3",
"status": "affected",
"version": "530",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Experion PKS"
],
"product": "RFIM",
"vendor": "Honeywell",
"versions": [
{
"lessThanOrEqual": "520.2 TCU9",
"status": "affected",
"version": "520.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "530 TCU3",
"status": "affected",
"version": "530",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Demid Uzenkov and Kirill Kutaev (Positive Technologies)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe Honeywell Experion PKS contains an \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUninitialized Variable i\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003en the common Epic Platform Analyzer (EPA) communications\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e. An attacker could potentially exploit this vulnerability, leading to a Communication Channel Manipulation, which results in a d\u003c/span\u003eereferencing of an uninitialized pointer leading to a denial of service.\u003cbr\u003e\u003cbr\u003e\n\nHoneywell recommends updating to the most recent version of \n\nHoneywell Experion PKS: 520.2 TCU9 HF1and\u0026nbsp;530.1 TCU3 HF1.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe affected Experion PKS products are \n\nC300 PCNT02, EHB, EHPM, ELMM, Classic ENIM, ETN, FIM4, FIM8, PGM, and RFIM. The Experion PKS versions affected are\u0026nbsp;from 520.1 through 520.2 TCU9 and from 530 through 530 TCU3.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The Honeywell Experion PKS contains an Uninitialized Variable in the common Epic Platform Analyzer (EPA) communications. An attacker could potentially exploit this vulnerability, leading to a Communication Channel Manipulation, which results in a dereferencing of an uninitialized pointer leading to a denial of service.\n\n\n\nHoneywell recommends updating to the most recent version of \n\nHoneywell Experion PKS: 520.2 TCU9 HF1and\u00a0530.1 TCU3 HF1.\u00a0The affected Experion PKS products are \n\nC300 PCNT02, EHB, EHPM, ELMM, Classic ENIM, ETN, FIM4, FIM8, PGM, and RFIM. The Experion PKS versions affected are\u00a0from 520.1 through 520.2 TCU9 and from 530 through 530 TCU3."
}
],
"impacts": [
{
"capecId": "CAPEC-216",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-216 Communication Channel Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-457",
"description": "CWE-457 Use of Uninitialized Variable",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T19:44:48.506Z",
"orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"shortName": "Honeywell"
},
"references": [
{
"url": "https://process.honeywell.com/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Dereferencing of an uninitialized pointer leads to denial of service.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"assignerShortName": "Honeywell",
"cveId": "CVE-2025-2520",
"datePublished": "2025-07-10T19:54:35.250Z",
"dateReserved": "2025-03-19T13:57:27.868Z",
"dateUpdated": "2025-08-04T19:44:48.506Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}