CVE-2025-52543

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-52543
E3 Site Supervisor Control (firmware version < 2.31F01) application services (MGW and RCI) uses client side hashing for authentication. An attacker can authenticate by obtaining only the password hash.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.armis.com/research/frostbyte10/ Mitigation Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:copeland:e3_supervisory_controller_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:copeland:site_supervisor_bx_860-1240:-:*:*:*:*:*:*:*
cpe:2.3:h:copeland:site_supervisor_bxe_860-1245:-:*:*:*:*:*:*:*
cpe:2.3:h:copeland:site_supervisor_cx_860-1260:-:*:*:*:*:*:*:*
cpe:2.3:h:copeland:site_supervisor_cxe_860-1265:-:*:*:*:*:*:*:*
cpe:2.3:h:copeland:site_supervisor_rx_860-1220:-:*:*:*:*:*:*:*
cpe:2.3:h:copeland:site_supervisor_rxe_860-1225:-:*:*:*:*:*:*:*
cpe:2.3:h:copeland:site_supervisor_sf_860-1200:-:*:*:*:*:*:*:*
History

01 Oct 2025, 18:27

Type Values Removed Values Added
References () https://www.armis.com/research/frostbyte10/ - () https://www.armis.com/research/frostbyte10/ - Mitigation, Third Party Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.5
First Time Copeland site Supervisor Cxe 860-1265
Copeland
Copeland site Supervisor Bxe 860-1245
Copeland e3 Supervisory Controller Firmware
Copeland site Supervisor Cx 860-1260
Copeland site Supervisor Sf 860-1200
Copeland site Supervisor Bx 860-1240
Copeland site Supervisor Rx 860-1220
Copeland site Supervisor Rxe 860-1225
CPE cpe:2.3:h:copeland:site_supervisor_rxe_860-1225:-:*:*:*:*:*:*:*
cpe:2.3:h:copeland:site_supervisor_cx_860-1260:-:*:*:*:*:*:*:*
cpe:2.3:h:copeland:site_supervisor_cxe_860-1265:-:*:*:*:*:*:*:*
cpe:2.3:o:copeland:e3_supervisory_controller_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:copeland:site_supervisor_rx_860-1220:-:*:*:*:*:*:*:*
cpe:2.3:h:copeland:site_supervisor_bx_860-1240:-:*:*:*:*:*:*:*
cpe:2.3:h:copeland:site_supervisor_bxe_860-1245:-:*:*:*:*:*:*:*
cpe:2.3:h:copeland:site_supervisor_sf_860-1200:-:*:*:*:*:*:*:*

02 Sep 2025, 12:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-09-02 12:15

Updated : 2025-10-01 18:27

NVD link : CVE-2025-52543

Mitre link : CVE-2025-52543

CVE.ORG link : CVE-2025-52543

JSON object : View

Products Affected

copeland

  • site_supervisor_rx_860-1220
  • site_supervisor_bxe_860-1245
  • e3_supervisory_controller_firmware
  • site_supervisor_cxe_860-1265
  • site_supervisor_rxe_860-1225
  • site_supervisor_bx_860-1240
  • site_supervisor_sf_860-1200
  • site_supervisor_cx_860-1260
CWE
CWE-836

Use of Password Hash Instead of Password for Authentication