CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-52546

E3 Site Supervisor Control (firmware version < 2.31F01) has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can inject a stored XSS to the floorplan web page.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 22.8%

CVSS Severity

CVSS v3 Score 6.1

References

https://www.armis.com/research/frostbyte10/

Products affected by CVE-2025-52546

Copeland » Site Supervisor Bx 860-1240 » Version: N/A

cpe:2.3:h:copeland:site_supervisor_bx_860-1240:-
Copeland » Site Supervisor Bxe 860-1245 » Version: N/A

cpe:2.3:h:copeland:site_supervisor_bxe_860-1245:-
Copeland » Site Supervisor Cx 860-1260 » Version: N/A

cpe:2.3:h:copeland:site_supervisor_cx_860-1260:-
Copeland » Site Supervisor Cxe 860-1265 » Version: N/A

cpe:2.3:h:copeland:site_supervisor_cxe_860-1265:-
Copeland » Site Supervisor Rx 860-1220 » Version: N/A

cpe:2.3:h:copeland:site_supervisor_rx_860-1220:-
Copeland » Site Supervisor Rxe 860-1225 » Version: N/A

cpe:2.3:h:copeland:site_supervisor_rxe_860-1225:-
Copeland » Site Supervisor Sf 860-1200 » Version: N/A

cpe:2.3:h:copeland:site_supervisor_sf_860-1200:-
Copeland » E3 Supervisory Controller Firmware » Version: Any

cpe:2.3:o:copeland:e3_supervisory_controller_firmware:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-52546

Products

Pricing

Contact Us