6.9
CVE-2025-52548
- EPSS 0.04%
- Published 02.09.2025 11:26:08
- Last modified 01.10.2025 18:25:16
- Source dd59f033-460c-4b88-a075-d4d3fe
E3 Site Supervisor Control (firmware version < 2.31F01) contains a hidden API call in the application services that enables SSH and Shellinabox, which exist but are disabled by default. An attacker with admin access to the application services can utilize this API to enable remote access to the underlying OS.
Data provided by the National Vulnerability Database (NVD)
Copeland ≫ E3 Supervisory Controller Firmware Version < 2.31f01
Copeland ≫ Site Supervisor Bx 860-1240 Version-
Copeland ≫ Site Supervisor Bxe 860-1245 Version-
Copeland ≫ Site Supervisor Cx 860-1260 Version-
Copeland ≫ Site Supervisor Cxe 860-1265 Version-
Copeland ≫ Site Supervisor Rx 860-1220 Version-
Copeland ≫ Site Supervisor Rxe 860-1225 Version-
Copeland ≫ Site Supervisor Sf 860-1200 Version-
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.097 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.9 | 1.2 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N |
| dd59f033-460c-4b88-a075-d4d3fedb6191 | 6.9 | 0 | 0 | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
CWE-1242 Inclusion of Undocumented Features or Chicken Bits
The device includes chicken bits or undocumented features that can create entry points for unauthorized actors.