8.8
CVE-2025-52544
- EPSS 0.17%
- Veröffentlicht 02.09.2025 11:25:01
- Zuletzt bearbeitet 01.10.2025 18:27:30
- Quelle dd59f033-460c-4b88-a075-d4d3fe
- CVE-Watchlists
- Unerledigt
LoginE3 Site Supervisor Control (firmware version < 2.31F01) has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can access any file from the E3 file system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Copeland ≫ E3 Supervisory Controller Firmware Version < 2.31f01
Copeland ≫ Site Supervisor Bx 860-1240 Version-
Copeland ≫ Site Supervisor Bxe 860-1245 Version-
Copeland ≫ Site Supervisor Cx 860-1260 Version-
Copeland ≫ Site Supervisor Cxe 860-1265 Version-
Copeland ≫ Site Supervisor Rx 860-1220 Version-
Copeland ≫ Site Supervisor Rxe 860-1225 Version-
Copeland ≫ Site Supervisor Sf 860-1200 Version-
Copeland ≫ Site Supervisor Bxe 860-1245 Version-
Copeland ≫ Site Supervisor Cx 860-1260 Version-
Copeland ≫ Site Supervisor Cxe 860-1265 Version-
Copeland ≫ Site Supervisor Rx 860-1220 Version-
Copeland ≫ Site Supervisor Rxe 860-1225 Version-
Copeland ≫ Site Supervisor Sf 860-1200 Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.17% | 0.376 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| dd59f033-460c-4b88-a075-d4d3fedb6191 | 8.8 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.