CVE-2025-52548
BaseFortify
Publication date: 2025-09-02
Last updated on: 2025-10-01
Assigner: Armis
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| copeland | e3_supervisory_controller_firmware | to 2.31f01 (exc) |
| copeland | site_supervisor_bx_860-1240 | * |
| copeland | site_supervisor_bxe_860-1245 | * |
| copeland | site_supervisor_cx_860-1260 | * |
| copeland | site_supervisor_cxe_860-1265 | * |
| copeland | site_supervisor_rx_860-1220 | * |
| copeland | site_supervisor_rxe_860-1225 | * |
| copeland | site_supervisor_sf_860-1200 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1242 | The device includes chicken bits or undocumented features that can create entry points for unauthorized actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in E3 Site Supervisor Control firmware versions below 2.31F01. It involves a hidden API call within the application services that can enable SSH and Shellinabox, which are present but disabled by default. An attacker who already has administrative access to the application services can exploit this API to enable remote access to the underlying operating system.
How can this vulnerability impact me? :
If exploited, this vulnerability allows an attacker with admin access to enable remote access to the underlying OS via SSH or Shellinabox. This could lead to unauthorized control over the system, potentially compromising system integrity, confidentiality, and availability.