CVE-2025-3946
Published: 10 July 2025
Summary
CVE-2025-3946 is a high-severity Deployment of Wrong Handler (CWE-430) vulnerability. Its CVSS base score is 8.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 33.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-3946 is a Deployment of Wrong Handler vulnerability (CWE-430) in the Control Data Access (CDA) component of Honeywell Experion PKS and OneWireless Wireless Device Manager (WDM). The affected Experion PKS products include C300 PCNT02, C300 PCNT05, FIM4, FIM8, UOC, CN100, HCA, C300PM, and C200E, with vulnerable versions spanning 520.1 through 520.2 TCU9 and 530 through 530 TCU3. For OneWireless WDM, the impacted versions are 322.1 through 322.4 and 330.1 through 330.3. The vulnerability has a CVSS v3.1 base score of 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H), indicating high severity due to its network accessibility and potential for significant impact.
An unauthenticated remote attacker can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation enables input data manipulation, which leads to incorrect handling of packets and ultimately remote code execution on the affected systems.
Honeywell advisories recommend updating to the latest versions for mitigation: Experion PKS to 520.2 TCU9 HF1 or 530.1 TCU3 HF1, and OneWireless WDM to 322.5 or 331.1. Additional details are available at https://process.honeywell.com/.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-21064
Vulnerability details
The Honeywell Experion PKS and OneWireless WDM contains a Deployment of Wrong Handler vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to Input Data Manipulation, which could result in incorrect handling of…
more
packets leading to remote code execution. Honeywell recommends updating to the most recent version of Honeywell Experion PKS:520.2 TCU9 HF1 and 530.1 TCU3 HF1 and OneWireless: 322.5 and 331.1. The affected Experion PKS products are C300 PCNT02, C300 PCNT05, FIM4, FIM8, UOC, CN100, HCA, C300PM, and C200E. The Experion PKS versions affected are from 520.1 through 520.2 TCU9 and from 530 through 530 TCU3. The OneWireless WDM affected versions are 322.1 through 322.4 and 330.1 through 330.3.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Unauthenticated network-accessible RCE via wrong handler in public-facing industrial control system component directly matches exploitation of public-facing applications.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates the Deployment of Wrong Handler vulnerability by requiring timely remediation through application of Honeywell's recommended patched versions.
Prevents input data manipulation exploits targeting the Control Data Access component by enforcing validation of all inputs at network interfaces.
Limits remote network access to the vulnerable CDA service, reducing the attack surface for unauthenticated exploitation leading to RCE.