cbcvebase.
CVE-2025-52548
published 2025-09-02

CVE-2025-52548: E3 Site Supervisor Control (firmware version < 2.31F01) contains a hidden API call in the application services that enables SSH and Shellinabox, which exist…

PriorityP429medium4.9CVSS 3.1
AVNACLPRHUINSUCNIHAN
EPSS
0.33%
24.6th percentile
E3 Site Supervisor Control (firmware version < 2.31F01) contains a hidden API call in the application services that enables SSH and Shellinabox, which exist but are disabled by default. An attacker with admin access to the application services can utilize this API to enable remote access to the underlying OS.

Affected

2 ranges
VendorProductVersion rangeFixed in
copelande3_supervisory_controller_firmware< 2.31f012.31f01
copeland_lpe3_supervisory_control< 2.31F012.31F01

CVSS provenance

nvdv3.14.9MEDIUMCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
nvdv4.06.9MEDIUMCVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.