PatchSiren cyber security CVE debrief
CVE-2025-3947 Honeywell CVE debrief
CVE-2025-3947 is a high-severity Honeywell Experion PKS issue in the Control Data Access (CDA) component. The advisory says an attacker could manipulate input data in a way that causes improper integer value checking during subtraction, which can lead to denial of service in affected systems.
- Vendor: Honeywell
- Product: Experion PKS
- CVSS: HIGH 8.2
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-07-24
- Original CVE updated: 2025-08-04
- Advisory published: 2025-07-24
- Advisory updated: 2025-08-04
Who should care
OT and industrial control system operators using Honeywell Experion PKS, especially environments running versions earlier than R520.2 TCU9 Hot Fix 1 or R530 TCU3 Hot Fix 1. Honeywell administrators, control engineers, and defenders responsible for availability of process control systems should prioritize this advisory.
Technical summary
The CISA CSAF advisory describes an integer underflow condition in CDA. Per the provided CVSS vector (AV:N/PR:N/UI:N), the flaw is reachable over the network without authentication or user interaction, so a remote attacker could trigger the faulty subtraction logic and disrupt availability. The advisory maps the impact primarily to denial of service, and the supplied corpus contains no vendor-provided indication of confidentiality impact.
Defensive priority
High. The CVSS vector indicates network reachability, no privileges required, no user interaction, and high availability impact. For OT environments, service disruption in control components can affect production stability and operational safety, so patching and exposure reduction should be treated as urgent.
Recommended defensive actions
- Update Honeywell Experion PKS to R520.2 TCU9 Hot Fix 1 or R530 TCU3 Hot Fix 1, per the vendor remediation.
- Review the affected product versions listed in the advisory and confirm whether any deployed systems fall below the fixed releases.
- Restrict network exposure to control-system components and limit access paths to CDA and related management interfaces.
- Apply OT security monitoring and segmentation guidance from CISA recommended practices while remediation is scheduled.
- Validate patching and configuration changes in a maintenance window appropriate for industrial control environments.
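One way to carry out the version review in the list above, as an added example that is not Honeywell or CISA tooling: it compares inventory release strings against the two fixed releases named on this page. The release string format, the node names, and the rule that later TCUs and hot fixes on a release line include the fix are assumptions.

```python
import re

# Fixed releases named on this page: release line -> (line, TCU, hot fix).
FIXED = {
    (520, 2): ((520, 2), 9, 1),  # R520.2 TCU9 Hot Fix 1
    (530, 0): ((530, 0), 3, 1),  # R530 TCU3 Hot Fix 1
}

# Assumed inventory format: "R<major>[.<minor>] [TCU<n>] [Hot Fix <n>]".
_RELEASE = re.compile(
    r"^R(?P<major>\d+)(?:\.(?P<minor>\d+))?"
    r"(?:\s+TCU\s*(?P<tcu>\d+))?"
    r"(?:\s+Hot\s*Fix\s*(?P<hf>\d+))?$",
    re.IGNORECASE,
)

def parse_release(text):
    """Return ((major, minor), tcu, hotfix); missing parts count as 0."""
    m = _RELEASE.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognised release string: {text!r}")
    line = (int(m["major"]), int(m["minor"] or 0))
    return line, int(m["tcu"] or 0), int(m["hf"] or 0)

def assess(text):
    """Classify a release; assumes later TCUs/hot fixes include the fix."""
    try:
        release = parse_release(text)
    except ValueError:
        return "unparsed"  # do not guess; check this node by hand
    line = release[0]
    if line in FIXED:
        return "affected" if release < FIXED[line] else "fixed"
    if line < min(FIXED):
        return "affected"  # earlier than R520.2 TCU9 Hot Fix 1
    return "review"  # release line not named on this page

def triage(inventory):
    return {node: assess(release) for node, release in inventory.items()}

# Constructed sample inventory; node names and releases are made up.
SAMPLE = {
    "server-a": "R520.2 TCU9 Hot Fix 1",
    "server-b": "R520.2 TCU8",
    "server-c": "R530 TCU3",
    "console-e": "Experion 520",
}

print(triage(SAMPLE))
```

Nodes reported as `review` or `unparsed` need a manual check against the advisory's affected-version list.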
Evidence notes
This debrief is based on the CISA CSAF advisory ICSA-25-205-03 for CVE-2025-3947 and the listed vendor remediation. The source corpus states the vulnerability is an integer underflow in Honeywell Experion PKS Control Data Access (CDA) that can lead to denial of service. The affected products in the advisory are Honeywell Experion PKS versions earlier than R520.2 TCU9 Hot Fix 1 and R530 TCU3 Hot Fix 1. The advisory was published on 2025-07-24 and updated on 2025-08-04 to add researcher names.
Official resources
- CVE-2025-3947 CVE record (CVE.org)
- CVE-2025-3947 NVD detail (NVD)
- Source item URL (cisa_csaf)
CVE-2025-3947 was published on 2025-07-24 and the source advisory was updated on 2025-08-04. The update note in the supplied corpus indicates researcher names were added; the vulnerability disclosure date remains 2025-07-24.