Honeywell Experion PKS and OneWireless WDM Control Data Access Vulnerability Allowing Communication Channel Manipulation

Vulnerability

A vulnerability has been identified in the Control Data Access (CDA) component of Honeywell Experion PKS and OneWireless WDM. The component handles sensitive information improperly, which an attacker could exploit to manipulate communication channels. Such exploitation could lead to buffer reuse, potentially causing incorrect system behavior. The affected versions of Experion PKS include 520.1 prior to 520.2 TCU9 HF1 and 530 prior to 530 TCU3. Affected OneWireless WDM versions are 322.1 through 322.4 and 330.1 through 330.3. The vulnerable Experion PKS products include C300, FIM4, FIM8, UOC, CN100, HCA, C300PM, and C200E.

Impact

Exploitation of this vulnerability could result in unauthorized communication channel manipulation, causing buffer reuse and subsequent incorrect system behavior.

Remediation

Users are advised to update to the latest versions of Honeywell Experion PKS: 520.2 TCU9 HF1 and 530.1 TCU3 HF1, and OneWireless: 322.5 and 331.1.

Added: Jul 10, 2025, 9:38 PM
Updated: Jul 10, 2025, 9:38 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 2.5
exploitability: 7.0
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.