CVE-2025-52550
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-02

Last updated on: 2025-10-01

Assigner: Armis

Description
E3 Site Supervisor Control (firmware version < 2.31F01) firmware upgrade packages are unsigned. An attacker can forge malicious firmware upgrade packages. An attacker with admin access to the application services can install a malicious firmware upgrade.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-02
Last Modified
2025-10-01
Generated
2026-06-16
AI Q&A
2025-09-02
EPSS Evaluated
2026-06-15
NVD
CVE-2025-52550
EUVD
EUVD-2025-26398
Affected Vendors & Products
Showing 8 associated CPEs
Vendor Product Version / Range
copeland e3_supervisory_controller_firmware to 2.31f01 (exc)
copeland site_supervisor_bx_860-1240 *
copeland site_supervisor_bxe_860-1245 *
copeland site_supervisor_cx_860-1260 *
copeland site_supervisor_cxe_860-1265 *
copeland site_supervisor_rx_860-1220 *
copeland site_supervisor_rxe_860-1225 *
copeland site_supervisor_sf_860-1200 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-347 The product does not verify, or incorrectly verifies, the cryptographic signature for data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists because the E3 Site Supervisor Control firmware upgrade packages (for versions below 2.31F01) are unsigned. This allows an attacker to forge malicious firmware upgrade packages. If the attacker has administrative access to the application services, they can install these malicious firmware upgrades.

Impact Analysis

The impact of this vulnerability is that an attacker with admin access can install malicious firmware on the device, potentially compromising the device's integrity, availability, and confidentiality. This could lead to unauthorized control, disruption of services, or further exploitation of the system.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-52550. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart