CVE-2025-2520— Dereferencing of an uninitialized pointer leads to denial of service.
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-2520
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Dereferencing of an uninitialized pointer leads to denial of service.
Source: NVD (National Vulnerability Database)
Vulnerability Description
The Honeywell Experion PKS contains an Uninitialized Variable in the common Epic Platform Analyzer (EPA) communications. An attacker could potentially exploit this vulnerability, leading to a Communication Channel Manipulation, which results in a dereferencing of an uninitialized pointer leading to a denial of service. Honeywell recommends updating to the most recent version of Honeywell Experion PKS: 520.2 TCU9 HF1and 530.1 TCU3 HF1. The affected Experion PKS products are C300 PCNT02, EHB, EHPM, ELMM, Classic ENIM, ETN, FIM4, FIM8, PGM, and RFIM. The Experion PKS versions affected are from 520.1 through 520.2 TCU9 and from 530 through 530 TCU3.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用未经初始化的变量
Source: NVD (National Vulnerability Database)
Vulnerability Title
Honeywell Experion PKS 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Honeywell Experion PKS是美国霍尼韦尔(Honeywell)公司的一个过程自动化系统。 Honeywell Experion PKS 520.1至520.2 TCU9和530至530 TCU3版本存在安全漏洞,该漏洞源于未初始化变量,可能导致拒绝服务。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Honeywell | C300 PCNT02 | 520.1 ~ 520.2 TCU9 | - | |
| Honeywell | EHB | 520.1 ~ 520.2 TCU9 | - | |
| Honeywell | EHPM | 520.1 ~ 520.2 TCU9 | - | |
| Honeywell | ELMM | 520.1 ~ 520.2 TCU9 | - | |
| Honeywell | Classic ENIM | 520.1 ~ 520.2 TCU9 | - | |
| Honeywell | ETN | 520.1 ~ 520.2 TCU9 | - | |
| Honeywell | FIM4 | 520.1 ~ 520.2 TCU9 | - | |
| Honeywell | FIM8 | 520.1 ~ 520.2 TCU9 | - | |
| Honeywell | PGM | 520.1 ~ 520.2 TCU9 | - | |
| Honeywell | RFIM | 520.1 ~ 520.2 TCU9 | - |
II. Public POCs for CVE-2025-2520
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-2520
请登录查看更多情报信息。
Same Patch Batch · Honeywell · 2025-07-10 · 6 CVEs total
| CVE-2025-2523 | 9.4 CRITICAL | Lack of buffer clearing before reuse may result in incorrect system behavior. |
| CVE-2025-2521 | 8.6 HIGH | Lack of indexes’ validation against buffer borders leads to remote code execution. |
| CVE-2025-3947 | 8.2 HIGH | Integer underflow during processing of short network packets in CDA FTEB responder |
| CVE-2025-3946 | 8.2 HIGH | Incorrect response generation during FTEB protocol processing |
| CVE-2025-2522 | 6.5 MEDIUM | Lack of buffer clearing before reuse may result in incorrect system behavior. |
IV. Related Vulnerabilities
Same product: C300 PCNT02
- CVE-2025-3947
Integer underflow during processing of short network packets - CVE-2025-3946
Incorrect response generation during FTEB protocol processin - CVE-2025-2523
Lack of buffer clearing before reuse may result in incorrect - CVE-2025-2522
Lack of buffer clearing before reuse may result in incorrect - CVE-2025-2521
Lack of indexes’ validation against buffer borders leads to
Same vendor: Honeywell
- CVE-2026-4272
CVE-2026-4272 - Bluetooth Remote Execution of System Command - CVE-2026-3611
Honeywell IQ4x BMS Controller Missing authentication for cri - CVE-2026-1670
Honeywell CCTV Products Missing Authentication for Critical - CVE-2021-47868
WIN-PACK PRO 4.8 - 'WPCommandFileService' Unquoted Service P - CVE-2021-47866
WIN-PACK PRO 4.8 - 'GuardTourService' Unquoted Service Path
V. Comments for CVE-2025-2520
No comments yet