Honeywell OneWireless Wireless Device Manager (WDM)
Act Now | 9.4 | ICS-CERT ICSA-25-247-01 | Aug 4, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Honeywell OneWireless Wireless Device Manager (WDM) versions below R322.5 and R331.1 contain multiple buffer overflow and input validation flaws (CWE-119, CWE-226, CWE-191, CWE-430) that allow remote unauthenticated attackers to achieve information disclosure, denial of service, or remote code execution over the network.
What this means
What could happen
An attacker with network access to the Wireless Device Manager could execute arbitrary code, cause service outages, or expose configuration data from wireless devices across your industrial network.
Who's at risk
Water authorities and utilities using Honeywell OneWireless WDM to manage wireless instrumentation and RTUs (remote terminal units) for field device monitoring and control. This includes facilities managing pressure sensors, flow meters, tank level monitoring, and other wireless-enabled instruments in distribution and treatment systems.
How it could be exploited
An attacker would connect to the WDM over the network and exploit one of the underlying buffer overflow or input validation flaws to inject code or crash the service. No credentials or user interaction are required.
Prerequisites
- Network access to the Wireless Device Manager on the affected port
- WDM version below R322.5 or R331.1
- No authentication required
remotely exploitable, no authentication required, low complexity, high CVSS score (9.4), no patch available
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
OneWireless WDM: <R322.5 | <R322.5 | R322.5 or later
OneWireless WDM: <R331.1 | <R331.1 | R322.5 or later
Remediation & Mitigation
Do now
- WORKAROUND: Restrict network access to the WDM by implementing firewall rules to allow only authorized engineering and management workstations
Schedule (requires maintenance window)
Patching may require device reboot; plan for process interruption
- HOTFIX: Upgrade OneWireless WDM to version R322.5 or later
Long-term hardening
- HARDENING: Isolate the WDM and wireless device network from the business network and the Internet using air-gapped or separate physical networks
- HARDENING: If remote access is required, deploy a VPN with current security patches for secure administrative connectivity