CVE-2025-52549
BaseFortify
Publication date: 2025-09-02
Last updated on: 2025-10-01
Assigner: Armis
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| copeland | e3_supervisory_controller_firmware | up to 2.31f01 (exclusive) |
| copeland | site_supervisor_bx_860-1240 | * |
| copeland | site_supervisor_bxe_860-1245 | * |
| copeland | site_supervisor_cx_860-1260 | * |
| copeland | site_supervisor_cxe_860-1265 | * |
| copeland | site_supervisor_rx_860-1220 | * |
| copeland | site_supervisor_rxe_860-1225 | * |
| copeland | site_supervisor_sf_860-1200 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-522 | The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in E3 Site Supervisor firmware versions below 2.31F01, where the device generates the root Linux password on each boot. An attacker can predict or generate the root password using known or easily obtainable parameters, potentially gaining unauthorized root access to the device.
How can this vulnerability impact me?
If exploited, this vulnerability allows an attacker to gain root access to the affected device without authorization. This can lead to full control over the system, enabling the attacker to manipulate data, disrupt operations, or use the device as a foothold for further attacks.