CVE-2025-52550
BaseFortify
Publication date: 2025-09-02
Last updated on: 2025-10-01
Assigner: Armis
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| copeland | e3_supervisory_controller_firmware | to 2.31f01 (exc) |
| copeland | site_supervisor_bx_860-1240 | * |
| copeland | site_supervisor_bxe_860-1245 | * |
| copeland | site_supervisor_cx_860-1260 | * |
| copeland | site_supervisor_cxe_860-1265 | * |
| copeland | site_supervisor_rx_860-1220 | * |
| copeland | site_supervisor_rxe_860-1225 | * |
| copeland | site_supervisor_sf_860-1200 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-347 | The product does not verify, or incorrectly verifies, the cryptographic signature for data. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists because the E3 Site Supervisor Control firmware upgrade packages (for versions below 2.31F01) are unsigned. This allows an attacker to forge malicious firmware upgrade packages. If the attacker has administrative access to the application services, they can install these malicious firmware upgrades.
How can this vulnerability impact me?
The impact of this vulnerability is that an attacker with admin access can install malicious firmware on the device, potentially compromising the device's integrity, availability, and confidentiality. This could lead to unauthorized control, disruption of services, or further exploitation of the system.