Cyber Resilience

CVE-2025-3946

High

Published: 10 July 2025

Published
10 July 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
EPSS Score 0.0051 66.9th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-3946 is a high-severity Deployment of Wrong Handler (CWE-430) vulnerability. Its CVSS base score is 8.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 33.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-3946 is a Deployment of Wrong Handler vulnerability (CWE-430) in the Control Data Access (CDA) component of Honeywell Experion PKS and OneWireless Wireless Device Manager (WDM). The affected Experion PKS products include C300 PCNT02, C300 PCNT05, FIM4, FIM8, UOC, CN100, HCA, C300PM, and C200E, with vulnerable versions spanning 520.1 through 520.2 TCU9 and 530 through 530 TCU3. For OneWireless WDM, the impacted versions are 322.1 through 322.4 and 330.1 through 330.3. The vulnerability has a CVSS v3.1 base score of 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H), indicating high severity due to its network accessibility and potential for significant impact.

An unauthenticated remote attacker can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation enables input data manipulation, which leads to incorrect handling of packets and ultimately remote code execution on the affected systems.

Honeywell advisories recommend updating to the latest versions for mitigation: Experion PKS to 520.2 TCU9 HF1 or 530.1 TCU3 HF1, and OneWireless WDM to 322.5 or 331.1. Additional details are available at https://process.honeywell.com/.

EU & UK References

Vulnerability details

The Honeywell Experion PKS and OneWireless WDM contains a Deployment of Wrong Handler vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to Input Data Manipulation, which could result in incorrect handling of…

more

packets leading to remote code execution. Honeywell recommends updating to the most recent version of Honeywell Experion PKS:520.2 TCU9 HF1 and 530.1 TCU3 HF1 and OneWireless: 322.5 and 331.1. The affected Experion PKS products are C300 PCNT02, C300 PCNT05, FIM4, FIM8, UOC, CN100, HCA, C300PM, and C200E. The Experion PKS versions affected are from 520.1 through 520.2 TCU9 and from 530 through 530 TCU3. The OneWireless WDM affected versions are 322.1 through 322.4 and 330.1 through 330.3.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Unauthenticated network-accessible RCE via wrong handler in public-facing industrial control system component directly matches exploitation of public-facing applications.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

Affected Assets

C200E. The Experion PKS
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the Deployment of Wrong Handler vulnerability by requiring timely remediation through application of Honeywell's recommended patched versions.

prevent

Prevents input data manipulation exploits targeting the Control Data Access component by enforcing validation of all inputs at network interfaces.

prevent

Limits remote network access to the vulnerable CDA service, reducing the attack surface for unauthenticated exploitation leading to RCE.

References