Vulnerability Database

308,819

Total vulnerabilities in the database

CVE-2025-52548

E3 Site Supervisor Control (firmware version < 2.31F01) contains a hidden API call in the application services that enables SSH and Shellinabox, which exist but are disabled by default. An attacker with admin access to the application services can utilize this API to enable remote access to the underlying OS.

Published: Sep 2, 2025
Updated: Nov 16, 2025
CVE: CVE-2025-52548
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.9
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

CWEs:

CWE-1242

Affected Software
References

Software	From	Fixed in
copeland / e3_supervisory_controller_firmware	-	2.31f01

https://www.armis.com/research/frostbyte10/

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo