9.8
CVE-2025-6519
- EPSS 0.5%
- Veröffentlicht 02.09.2025 11:23:59
- Zuletzt bearbeitet 10.10.2025 14:18:29
- Quelle dd59f033-460c-4b88-a075-d4d3fe
- CVE-Watchlists
- Unerledigt
LoginConsistent predictable generation of the password for the default admin user "ONEDAY" to the application services
E3 Site Supervisor (firmware version < 2.31F01) has a default admin user "ONEDAY" with a daily generated password. An attacker can predictably generate the password for ONEDAY. The oneday user cannot be deleted or modified by any user.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Copeland ≫ E3 Supervisory Controller Firmware Version < 2.31f01
Copeland ≫ Site Supervisor Bx 860-1240 Version-
Copeland ≫ Site Supervisor Bxe 860-1245 Version-
Copeland ≫ Site Supervisor Cx 860-1260 Version-
Copeland ≫ Site Supervisor Cxe 860-1265 Version-
Copeland ≫ Site Supervisor Rx 860-1220 Version-
Copeland ≫ Site Supervisor Rxe 860-1225 Version-
Copeland ≫ Site Supervisor Sf 860-1200 Version-
Copeland ≫ Site Supervisor Bxe 860-1245 Version-
Copeland ≫ Site Supervisor Cx 860-1260 Version-
Copeland ≫ Site Supervisor Cxe 860-1265 Version-
Copeland ≫ Site Supervisor Rx 860-1220 Version-
Copeland ≫ Site Supervisor Rxe 860-1225 Version-
Copeland ≫ Site Supervisor Sf 860-1200 Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.5% | 0.388 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| dd59f033-460c-4b88-a075-d4d3fedb6191 | 9.3 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-522 Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
https://www.armis.com/research/frostbyte10/