CVE-2025-52546

Medium CVSS: 5.1

E3 Site Supervisor Control (firmware version < 2.31F01) has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can inject a stored XSS to the floorplan web page.

Vendor

Copeland

Product

E3 Supervisory Controller Firmware

CWE

CWE-434

Yayın Tarihi

2025-09-02 12:15:37

Güncelleme

2025-10-01 18:26:57

Source Identifier

dd59f033-460c-4b88-a075-d4d3fedb6191

KEV Date Added

Kategoriler

CWE-434 E3 Supervisory Controller Firmware MEDIUM Copeland 2025

Referanslar

https://www.armis.com/research/frostbyte10/

Benzer Kayıtlar

High

CVE-2026-25196

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker…

High

CVE-2026-25721

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker…

High

CVE-2026-3037

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker t…

High

CVE-2026-25037

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker…

High

CVE-2026-25105

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated atta…

High

CVE-2026-20764

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker…