CVE-2025-52544 - OpenCVE

E3 Site Supervisor Control (firmware version < 2.31F01) has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can access any file from the E3 file system.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://www.armis.com/research/frostbyte10/

History

Tue, 02 Sep 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 02 Sep 2025 11:30:00 +0000

Type	Values Removed	Values Added
Description		E3 Site Supervisor Control (firmware version < 2.31F01) has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can access any file from the E3 file system.
Title		Arbitrary read file from the filesystem
Weaknesses		CWE-20
References		https://www.armis.com/research/frostbyte10/
Metrics		cvssV4_0 `{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: Armis

Published: 2025-09-02T11:25:01.106Z

Updated: 2025-09-02T13:36:13.634Z

Reserved: 2025-06-17T17:29:21.841Z

Link: CVE-2025-52544

Vulnrichment

Updated: 2025-09-02T13:35:09.916Z

NVD

Status : Awaiting Analysis

Published: 2025-09-02T12:15:36.677

Modified: 2025-09-02T15:55:25.420

Link: CVE-2025-52544

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-52544", "assignerOrgId": "dd59f033-460c-4b88-a075-d4d3fedb6191", "state": "PUBLISHED", "assignerShortName": "Armis", "dateReserved": "2025-06-17T17:29:21.841Z", "datePublished": "2025-09-02T11:25:01.106Z", "dateUpdated": "2025-09-02T13:36:13.634Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "E3 Supervisory Control", "vendor": "Copeland LP", "versions": [{"lessThan": "2.31F01", "status": "affected", "version": "0", "versionType": "firmware"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Armis Labs"}], "datePublic": "2025-07-29T12:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "E3 Site Supervisor Control (firmware version < 2.31F01) has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can access any file from the E3 file system."}], "value": "E3 Site Supervisor Control (firmware version < 2.31F01) has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can access any file from the E3 file system."}], "impacts": [{"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "CAPEC-126 Path Traversal"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.8, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "dd59f033-460c-4b88-a075-d4d3fedb6191", "shortName": "Armis", "dateUpdated": "2025-09-02T11:25:01.106Z"}, "references": [{"url": "https://www.armis.com/research/frostbyte10/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Upgrade firmware of affected E3 Supervisory Controls to a version > 2.30F1.<br>"}], "value": "Upgrade firmware of affected E3 Supervisory Controls to a version > 2.30F1."}], "source": {"discovery": "UNKNOWN"}, "title": "Arbitrary read file from the filesystem", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Restrict access to the E3 Supervisory Controls network interface (ETH 0) by use of restricted VLAN or subnet and / or network firewall. Ensure the restricted VLAN or subnet is never accessible from untrusted networks."}], "value": "Restrict access to the E3 Supervisory Controls network interface (ETH 0) by use of restricted VLAN or subnet and / or network firewall. Ensure the restricted VLAN or subnet is never accessible from untrusted networks."}], "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-02T13:34:57.501127Z", "id": "CVE-2025-52544", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-02T13:36:13.634Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-52544", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-02T13:34:57.501127Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-02T13:35:09.916Z"}}], "cna": {"title": "Arbitrary read file from the filesystem", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Armis Labs"}], "impacts": [{"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "CAPEC-126 Path Traversal"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.8, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Copeland LP", "product": "E3 Supervisory Control", "versions": [{"status": "affected", "version": "0", "lessThan": "2.31F01", "versionType": "firmware"}], "defaultStatus": "affected"}], "solutions": [{"lang": "en", "value": "Upgrade firmware of affected E3 Supervisory Controls to a version > 2.30F1.", "supportingMedia": [{"type": "text/html", "value": "Upgrade firmware of affected E3 Supervisory Controls to a version > 2.30F1.<br>", "base64": false}]}], "datePublic": "2025-07-29T12:00:00.000Z", "references": [{"url": "https://www.armis.com/research/frostbyte10/"}], "workarounds": [{"lang": "en", "value": "Restrict access to the E3 Supervisory Controls network interface (ETH 0) by use of restricted VLAN or subnet and / or network firewall. Ensure the restricted VLAN or subnet is never accessible from untrusted networks.", "supportingMedia": [{"type": "text/html", "value": "Restrict access to the E3 Supervisory Controls network interface (ETH 0) by use of restricted VLAN or subnet and / or network firewall. Ensure the restricted VLAN or subnet is never accessible from untrusted networks.", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "E3 Site Supervisor Control (firmware version < 2.31F01) has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can access any file from the E3 file system.", "supportingMedia": [{"type": "text/html", "value": "E3 Site Supervisor Control (firmware version < 2.31F01) has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can access any file from the E3 file system.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "dd59f033-460c-4b88-a075-d4d3fedb6191", "shortName": "Armis", "dateUpdated": "2025-09-02T11:25:01.106Z"}}}, "cveMetadata": {"cveId": "CVE-2025-52544", "state": "PUBLISHED", "dateUpdated": "2025-09-02T13:36:13.634Z", "dateReserved": "2025-06-17T17:29:21.841Z", "assignerOrgId": "dd59f033-460c-4b88-a075-d4d3fedb6191", "datePublished": "2025-09-02T11:25:01.106Z", "assignerShortName": "Armis"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "E3 Site Supervisor Control (firmware version < 2.31F01) has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can access any file from the E3 file system."}], "id": "CVE-2025-52544", "lastModified": "2025-09-02T15:55:25.420", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "dd59f033-460c-4b88-a075-d4d3fedb6191", "type": "Secondary"}]}, "published": "2025-09-02T12:15:36.677", "references": [{"source": "dd59f033-460c-4b88-a075-d4d3fedb6191", "url": "https://www.armis.com/research/frostbyte10/"}], "sourceIdentifier": "dd59f033-460c-4b88-a075-d4d3fedb6191", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "dd59f033-460c-4b88-a075-d4d3fedb6191", "type": "Secondary"}]}