CVE-2025-52543
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-09-02
Last updated on: 2025-10-01
Assigner: Armis
Description
Description
E3 Site Supervisor Control (firmware version < 2.31F01) application services (MGW and RCI) uses client side hashing for authentication. An attacker can authenticate by obtaining only the password hash.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| copeland | e3_supervisory_controller_firmware | to 2.31f01 (exc) |
| copeland | site_supervisor_bx_860-1240 | * |
| copeland | site_supervisor_bxe_860-1245 | * |
| copeland | site_supervisor_cx_860-1260 | * |
| copeland | site_supervisor_cxe_860-1265 | * |
| copeland | site_supervisor_rx_860-1220 | * |
| copeland | site_supervisor_rxe_860-1225 | * |
| copeland | site_supervisor_sf_860-1200 | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-836 | The product records password hashes in a data store, receives a hash of a password from a client, and compares the supplied hash to the hash obtained from the data store. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the E3 Site Supervisor Control application services (MGW and RCI) for firmware versions below 2.31F01. The application uses client-side hashing for authentication, which means that an attacker who obtains the password hash can authenticate without needing the actual password.
How can this vulnerability impact me? :
An attacker who obtains the password hash can bypass authentication and gain unauthorized access to the system. This could lead to potential misuse or control of the affected application services.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70