Vulnerability Details CVE-2025-52546
E3 Site Supervisor Control (firmware version < 2.31F01) has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can inject a stored XSS to the floorplan web page.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 20.5%
CVSS Severity
CVSS v3 Score 6.1
References
Products affected by CVE-2025-52546
-
cpe:2.3:h:copeland:site_supervisor_bx_860-1240:-
-
cpe:2.3:h:copeland:site_supervisor_bxe_860-1245:-
-
cpe:2.3:h:copeland:site_supervisor_cx_860-1260:-
-
cpe:2.3:h:copeland:site_supervisor_cxe_860-1265:-
-
cpe:2.3:h:copeland:site_supervisor_rx_860-1220:-
-
cpe:2.3:h:copeland:site_supervisor_rxe_860-1225:-
-
cpe:2.3:h:copeland:site_supervisor_sf_860-1200:-
-
cpe:2.3:o:copeland:e3_supervisory_controller_firmware:2.02f01
-
cpe:2.3:o:copeland:e3_supervisory_controller_firmware:2.04f01
-
cpe:2.3:o:copeland:e3_supervisory_controller_firmware:2.05f01
-
cpe:2.3:o:copeland:e3_supervisory_controller_firmware:2.07f01
-
cpe:2.3:o:copeland:e3_supervisory_controller_firmware:2.08f01
-
cpe:2.3:o:copeland:e3_supervisory_controller_firmware:2.10f01
-
cpe:2.3:o:copeland:e3_supervisory_controller_firmware:2.11f01
-
cpe:2.3:o:copeland:e3_supervisory_controller_firmware:2.17f02
-
cpe:2.3:o:copeland:e3_supervisory_controller_firmware:2.19f01
-
cpe:2.3:o:copeland:e3_supervisory_controller_firmware:2.20f03
-
cpe:2.3:o:copeland:e3_supervisory_controller_firmware:2.23f01
-
cpe:2.3:o:copeland:e3_supervisory_controller_firmware:2.28f02
-
cpe:2.3:o:copeland:e3_supervisory_controller_firmware:2.29f02
-
cpe:2.3:o:copeland:e3_supervisory_controller_firmware:2.30f01
-
cpe:2.3:o:copeland:e3_supervisory_controller_firmware:2.30f02