CVE-2025-52546
BaseFortify
Publication date: 2025-09-02
Last updated on: 2025-10-01
Assigner: Armis
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| copeland | e3_supervisory_controller_firmware | to 2.31f01 (exc) |
| copeland | site_supervisor_bx_860-1240 | * |
| copeland | site_supervisor_bxe_860-1245 | * |
| copeland | site_supervisor_cx_860-1260 | * |
| copeland | site_supervisor_cxe_860-1265 | * |
| copeland | site_supervisor_rx_860-1220 | * |
| copeland | site_supervisor_rxe_860-1225 | * |
| copeland | site_supervisor_sf_860-1200 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in E3 Site Supervisor firmware versions below 2.31F01. It involves the floor plan feature, which allows an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, the attacker can inject stored cross-site scripting (XSS) code into the floorplan web page, potentially compromising the security of users who view that page.
How can this vulnerability impact me? :
The vulnerability can allow an unauthenticated attacker to execute stored XSS attacks on the floorplan web page. This could lead to malicious scripts running in the context of users viewing the page, potentially resulting in theft of session tokens, defacement, or other malicious actions that compromise user security and privacy.