Vulnerability Description
E3 Site Supervisor Control (firmware version < 2.31F01) firmware upgrade packages are unsigned. An attacker can forge malicious firmware upgrade packages. An attacker with admin access to the application services can install a malicious firmware upgrade.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Copeland | E3 Supervisory Controller Firmware | < 2.31f01 |
| Copeland | Site Supervisor Bx 860-1240 | - |
| Copeland | Site Supervisor Bxe 860-1245 | - |
| Copeland | Site Supervisor Cx 860-1260 | - |
| Copeland | Site Supervisor Cxe 860-1265 | - |
| Copeland | Site Supervisor Rx 860-1220 | - |
| Copeland | Site Supervisor Rxe 860-1225 | - |
| Copeland | Site Supervisor Sf 860-1200 | - |
Related Weaknesses (CWE)
References
- https://www.armis.com/research/frostbyte10/MitigationThird Party Advisory
FAQ
What is CVE-2025-52550?
CVE-2025-52550 is a vulnerability with a CVSS score of 7.2 (HIGH). E3 Site Supervisor Control (firmware version < 2.31F01) firmware upgrade packages are unsigned. An attacker can forge malicious firmware upgrade packages. An attacker with admin access to the applicat...
How severe is CVE-2025-52550?
CVE-2025-52550 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-52550?
Check the references section above for vendor advisories and patch information. Affected products include: Copeland E3 Supervisory Controller Firmware, Copeland Site Supervisor Bx 860-1240, Copeland Site Supervisor Bxe 860-1245, Copeland Site Supervisor Cx 860-1260, Copeland Site Supervisor Cxe 860-1265.