CVE-2025-52546 - OpenCVE

E3 Site Supervisor Control (firmware version < 2.31F01) has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can inject a stored XSS to the floorplan web page.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Active

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://www.armis.com/research/frostbyte10/

History

Tue, 02 Sep 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 02 Sep 2025 11:30:00 +0000

Type	Values Removed	Values Added
Description		E3 Site Supervisor Control (firmware version < 2.31F01) has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can inject a stored XSS to the floorplan web page.
Title		Stored XSS by uploading a specially crafted floor plan file
Weaknesses		CWE-434
References		https://www.armis.com/research/frostbyte10/
Metrics		cvssV4_0 `{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: Armis

Published: 2025-09-02T11:25:39.864Z

Updated: 2025-09-02T13:30:49.398Z

Reserved: 2025-06-17T17:29:21.841Z

Link: CVE-2025-52546

Vulnrichment

Updated: 2025-09-02T13:29:59.189Z

NVD

Status : Awaiting Analysis

Published: 2025-09-02T12:15:37.057

Modified: 2025-09-02T15:55:25.420

Link: CVE-2025-52546

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-52546", "assignerOrgId": "dd59f033-460c-4b88-a075-d4d3fedb6191", "state": "PUBLISHED", "assignerShortName": "Armis", "dateReserved": "2025-06-17T17:29:21.841Z", "datePublished": "2025-09-02T11:25:39.864Z", "dateUpdated": "2025-09-02T13:30:49.398Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "E3 Supervisory Control", "vendor": "Copeland LP", "versions": [{"lessThan": "2.31F01", "status": "affected", "version": "0", "versionType": "firmware"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Armis Labs"}], "datePublic": "2025-07-29T12:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "E3 Site Supervisor Control (firmware version < 2.31F01) has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can inject a stored XSS to the floorplan web page."}], "value": "E3 Site Supervisor Control (firmware version < 2.31F01) has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can inject a stored XSS to the floorplan web page."}], "impacts": [{"capecId": "CAPEC-592", "descriptions": [{"lang": "en", "value": "CAPEC-592 Stored XSS"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 5.1, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "dd59f033-460c-4b88-a075-d4d3fedb6191", "shortName": "Armis", "dateUpdated": "2025-09-02T11:25:39.864Z"}, "references": [{"url": "https://www.armis.com/research/frostbyte10/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Upgrade firmware of affected E3 Supervisory Controls to a version > 2.30F1.<br>"}], "value": "Upgrade firmware of affected E3 Supervisory Controls to a version > 2.30F1."}], "source": {"discovery": "UNKNOWN"}, "title": "Stored XSS by uploading a specially crafted floor plan file", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Restrict access to the E3 Supervisory Controls network interface (ETH 0) by use of restricted VLAN or subnet and / or network firewall. Ensure the restricted VLAN or subnet is never accessible from untrusted networks."}], "value": "Restrict access to the E3 Supervisory Controls network interface (ETH 0) by use of restricted VLAN or subnet and / or network firewall. Ensure the restricted VLAN or subnet is never accessible from untrusted networks."}], "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-02T13:29:53.398293Z", "id": "CVE-2025-52546", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-02T13:30:49.398Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-52546", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-02T13:29:53.398293Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-02T13:29:59.189Z"}}], "cna": {"title": "Stored XSS by uploading a specially crafted floor plan file", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Armis Labs"}], "impacts": [{"capecId": "CAPEC-592", "descriptions": [{"lang": "en", "value": "CAPEC-592 Stored XSS"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Copeland LP", "product": "E3 Supervisory Control", "versions": [{"status": "affected", "version": "0", "lessThan": "2.31F01", "versionType": "firmware"}], "defaultStatus": "affected"}], "solutions": [{"lang": "en", "value": "Upgrade firmware of affected E3 Supervisory Controls to a version > 2.30F1.", "supportingMedia": [{"type": "text/html", "value": "Upgrade firmware of affected E3 Supervisory Controls to a version > 2.30F1.<br>", "base64": false}]}], "datePublic": "2025-07-29T12:00:00.000Z", "references": [{"url": "https://www.armis.com/research/frostbyte10/"}], "workarounds": [{"lang": "en", "value": "Restrict access to the E3 Supervisory Controls network interface (ETH 0) by use of restricted VLAN or subnet and / or network firewall. Ensure the restricted VLAN or subnet is never accessible from untrusted networks.", "supportingMedia": [{"type": "text/html", "value": "Restrict access to the E3 Supervisory Controls network interface (ETH 0) by use of restricted VLAN or subnet and / or network firewall. Ensure the restricted VLAN or subnet is never accessible from untrusted networks.", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "E3 Site Supervisor Control (firmware version < 2.31F01) has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can inject a stored XSS to the floorplan web page.", "supportingMedia": [{"type": "text/html", "value": "E3 Site Supervisor Control (firmware version < 2.31F01) has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can inject a stored XSS to the floorplan web page.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "dd59f033-460c-4b88-a075-d4d3fedb6191", "shortName": "Armis", "dateUpdated": "2025-09-02T11:25:39.864Z"}}}, "cveMetadata": {"cveId": "CVE-2025-52546", "state": "PUBLISHED", "dateUpdated": "2025-09-02T13:30:49.398Z", "dateReserved": "2025-06-17T17:29:21.841Z", "assignerOrgId": "dd59f033-460c-4b88-a075-d4d3fedb6191", "datePublished": "2025-09-02T11:25:39.864Z", "assignerShortName": "Armis"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "E3 Site Supervisor Control (firmware version < 2.31F01) has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can inject a stored XSS to the floorplan web page."}], "id": "CVE-2025-52546", "lastModified": "2025-09-02T15:55:25.420", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "dd59f033-460c-4b88-a075-d4d3fedb6191", "type": "Secondary"}]}, "published": "2025-09-02T12:15:37.057", "references": [{"source": "dd59f033-460c-4b88-a075-d4d3fedb6191", "url": "https://www.armis.com/research/frostbyte10/"}], "sourceIdentifier": "dd59f033-460c-4b88-a075-d4d3fedb6191", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "dd59f033-460c-4b88-a075-d4d3fedb6191", "type": "Secondary"}]}