CVE-2025-52550

Published: Sep 2, 2025Modified: Oct 1, 2025

8.6

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: dd59f033-460c-4b88-a075-d4d3fedb6191 (Secondary)

Description

E3 Site Supervisor Control (firmware version < 2.31F01) firmware upgrade packages are unsigned. An attacker can forge malicious firmware upgrade packages. An attacker with admin access to the application services can install a malicious firmware upgrade.

Affected (1)

Products: Copeland: E3 Supervisory Controller Firmware

Copeland

1 product

E3 Supervisory Controller Firmware

Configuration A

1 vulnerable · 7 platform

Vulnerable Software	Affected Versions
Copeland E3 Supervisory Controller Firmware	Before 2.31f01

Running on/with	Platform Versions
Copeland Site Supervisor Bx 860 1240	All versions
Copeland Site Supervisor Bxe 860 1245	All versions
Copeland Site Supervisor Cx 860 1260	All versions
Copeland Site Supervisor Cxe 860 1265	All versions
Copeland Site Supervisor Rx 860 1220	All versions
Copeland Site Supervisor Rxe 860 1225	All versions
Copeland Site Supervisor Sf 860 1200	All versions

Related CWEs

CWE-347

Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

References (1)

https://www.armis.com/research/frostbyte10/

Source: dd59f033-460c-4b88-a075-d4d3fedb6191

MitigationThird Party Advisory

Timeline

No history available yet.