Vulnerability Description
E3 Site Supervisor Control (firmware version < 2.31F01) application services (MGW and RCI) uses client side hashing for authentication. An attacker can authenticate by obtaining only the password hash.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Copeland | E3 Supervisory Controller Firmware | < 2.31f01 |
| Copeland | Site Supervisor Bx 860-1240 | - |
| Copeland | Site Supervisor Bxe 860-1245 | - |
| Copeland | Site Supervisor Cx 860-1260 | - |
| Copeland | Site Supervisor Cxe 860-1265 | - |
| Copeland | Site Supervisor Rx 860-1220 | - |
| Copeland | Site Supervisor Rxe 860-1225 | - |
| Copeland | Site Supervisor Sf 860-1200 | - |
Related Weaknesses (CWE)
References
- https://www.armis.com/research/frostbyte10/MitigationThird Party Advisory
FAQ
What is CVE-2025-52543?
CVE-2025-52543 is a vulnerability with a CVSS score of 7.5 (HIGH). E3 Site Supervisor Control (firmware version < 2.31F01) application services (MGW and RCI) uses client side hashing for authentication. An attacker can authenticate by obtaining only the password hash...
How severe is CVE-2025-52543?
CVE-2025-52543 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-52543?
Check the references section above for vendor advisories and patch information. Affected products include: Copeland E3 Supervisory Controller Firmware, Copeland Site Supervisor Bx 860-1240, Copeland Site Supervisor Bxe 860-1245, Copeland Site Supervisor Cx 860-1260, Copeland Site Supervisor Cxe 860-1265.