CVE-2025-6519
BaseFortify
Publication date: 2025-09-02
Last updated on: 2025-10-10
Assigner: Armis
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| copeland | e3_supervisory_controller_firmware | to 2.31f01 (exc) |
| copeland | site_supervisor_bx_860-1240 | * |
| copeland | site_supervisor_bxe_860-1245 | * |
| copeland | site_supervisor_cx_860-1260 | * |
| copeland | site_supervisor_cxe_860-1265 | * |
| copeland | site_supervisor_rx_860-1220 | * |
| copeland | site_supervisor_rxe_860-1225 | * |
| copeland | site_supervisor_sf_860-1200 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-522 | The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. |
AI Powered Q&A
Can you explain this vulnerability to me?
E3 Site Supervisor firmware versions below 2.31F01 have a default admin user named "ONEDAY" with a password that is generated daily. However, this password can be predictably generated by an attacker, allowing unauthorized access. Additionally, the ONEDAY user account cannot be deleted or modified by any user, making it a persistent security risk.
How can this vulnerability impact me?
This vulnerability can allow an attacker to gain unauthorized administrative access to the E3 Site Supervisor system by predicting the daily password of the default admin user "ONEDAY." Since this user cannot be deleted or modified, the attacker can maintain persistent access, potentially leading to control over the system, data breaches, or disruption of operations.