CVE-2025-52543
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-02

Last updated on: 2025-10-01

Assigner: Armis

Description
E3 Site Supervisor Control (firmware version < 2.31F01) application services (MGW and RCI) uses client side hashing for authentication. An attacker can authenticate by obtaining only the password hash.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-02
Last Modified
2025-10-01
Generated
2026-06-16
AI Q&A
2025-09-02
EPSS Evaluated
2026-06-15
NVD
CVE-2025-52543
EUVD
EUVD-2025-26397
Affected Vendors & Products
Showing 8 associated CPEs
Vendor Product Version / Range
copeland e3_supervisory_controller_firmware to 2.31f01 (exc)
copeland site_supervisor_bx_860-1240 *
copeland site_supervisor_bxe_860-1245 *
copeland site_supervisor_cx_860-1260 *
copeland site_supervisor_cxe_860-1265 *
copeland site_supervisor_rx_860-1220 *
copeland site_supervisor_rxe_860-1225 *
copeland site_supervisor_sf_860-1200 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-836 The product records password hashes in a data store, receives a hash of a password from a client, and compares the supplied hash to the hash obtained from the data store.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the E3 Site Supervisor Control application services (MGW and RCI) for firmware versions below 2.31F01. The application uses client-side hashing for authentication, which means that an attacker who obtains the password hash can authenticate without needing the actual password.

Impact Analysis

An attacker who obtains the password hash can bypass authentication and gain unauthorized access to the system. This could lead to potential misuse or control of the affected application services.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-52543. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart