CVE-2025-52544
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-09-02
Last updated on: 2025-10-01
Assigner: Armis
Description
Description
E3 Site Supervisor Control (firmware version < 2.31F01) has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can access any file from the E3 file system.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| copeland | e3_supervisory_controller_firmware | to 2.31f01 (exc) |
| copeland | site_supervisor_bx_860-1240 | * |
| copeland | site_supervisor_bxe_860-1245 | * |
| copeland | site_supervisor_cx_860-1260 | * |
| copeland | site_supervisor_cxe_860-1265 | * |
| copeland | site_supervisor_rx_860-1220 | * |
| copeland | site_supervisor_rxe_860-1225 | * |
| copeland | site_supervisor_sf_860-1200 | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
E3 Site Supervisor Control firmware versions below 2.31F01 have a floor plan feature that allows an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, the attacker can gain access to any file on the E3 file system.
How can this vulnerability impact me? :
This vulnerability can allow an unauthenticated attacker to access any file on the E3 file system, potentially exposing sensitive information or system files, which could lead to data breaches or further exploitation of the system.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70