Honeywell Experion PKS Control Data Access Component Integer Underflow Vulnerability Leading to Denial-of-Service

Vulnerability

An integer underflow vulnerability has been identified in the Control Data Access (CDA) component of Honeywell Experion PKS. Manipulated input data can potentially lead to improper validation of integer values during subtraction, which could cause a denial-of-service condition. The affected Experion PKS products are C300 PCNT02, C300 PCNT05, FIM4, FIM8, UOC, CN100, HCA, C300PM, and C200E. Vulnerable Experion PKS versions range from 520.1 through 520.2 TCU9 and from 530 through 530 TCU3.

Impact

Exploitation of this vulnerability could result in a denial-of-service condition, causing affected systems to become unresponsive or unavailable.

Remediation

Users are advised to update to the latest version of Honeywell Experion PKS: 520.2 TCU9 HF1 or 530.1 TCU3 HF1.

Added: Jul 10, 2025, 9:31 PM
Updated: Jul 10, 2025, 9:31 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 2.5
exploitability: 7.0
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.