CVE-2025-52549

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-52549
E3 Site Supervisor Control (firmware version < 2.31F01) generates the root linux password on each boot. An attacker can generate the root linux password for a vulnerable device based on known or easy to fetch parameters.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.armis.com/research/frostbyte10/ Mitigation Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:copeland:e3_supervisory_controller_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:copeland:site_supervisor_bx_860-1240:-:*:*:*:*:*:*:*
cpe:2.3:h:copeland:site_supervisor_bxe_860-1245:-:*:*:*:*:*:*:*
cpe:2.3:h:copeland:site_supervisor_cx_860-1260:-:*:*:*:*:*:*:*
cpe:2.3:h:copeland:site_supervisor_cxe_860-1265:-:*:*:*:*:*:*:*
cpe:2.3:h:copeland:site_supervisor_rx_860-1220:-:*:*:*:*:*:*:*
cpe:2.3:h:copeland:site_supervisor_rxe_860-1225:-:*:*:*:*:*:*:*
cpe:2.3:h:copeland:site_supervisor_sf_860-1200:-:*:*:*:*:*:*:*
History

01 Oct 2025, 18:23

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
CPE cpe:2.3:h:copeland:site_supervisor_bxe_860-1245:-:*:*:*:*:*:*:*
cpe:2.3:h:copeland:site_supervisor_rx_860-1220:-:*:*:*:*:*:*:*
cpe:2.3:h:copeland:site_supervisor_cx_860-1260:-:*:*:*:*:*:*:*
cpe:2.3:h:copeland:site_supervisor_sf_860-1200:-:*:*:*:*:*:*:*
cpe:2.3:h:copeland:site_supervisor_rxe_860-1225:-:*:*:*:*:*:*:*
cpe:2.3:h:copeland:site_supervisor_cxe_860-1265:-:*:*:*:*:*:*:*
cpe:2.3:o:copeland:e3_supervisory_controller_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:copeland:site_supervisor_bx_860-1240:-:*:*:*:*:*:*:*
References () https://www.armis.com/research/frostbyte10/ - () https://www.armis.com/research/frostbyte10/ - Mitigation, Third Party Advisory
First Time Copeland site Supervisor Sf 860-1200
Copeland e3 Supervisory Controller Firmware
Copeland site Supervisor Rx 860-1220
Copeland site Supervisor Rxe 860-1225
Copeland site Supervisor Cxe 860-1265
Copeland site Supervisor Bx 860-1240
Copeland site Supervisor Bxe 860-1245
Copeland site Supervisor Cx 860-1260
Copeland

02 Sep 2025, 12:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-09-02 12:15

Updated : 2025-10-01 18:23

NVD link : CVE-2025-52549

Mitre link : CVE-2025-52549

CVE.ORG link : CVE-2025-52549

JSON object : View

Products Affected

copeland

  • site_supervisor_rxe_860-1225
  • site_supervisor_bx_860-1240
  • e3_supervisory_controller_firmware
  • site_supervisor_rx_860-1220
  • site_supervisor_sf_860-1200
  • site_supervisor_cx_860-1260
  • site_supervisor_bxe_860-1245
  • site_supervisor_cxe_860-1265
CWE
CWE-522

Insufficiently Protected Credentials