CVE-2025-52548 MEDIUM

CVE-2025-52548: Enabling SSH and Shellinabox on the vulnerable machine

Vendor Copeland Lp
Product E3 Supervisory Control
Weakness CWE-1242
Published September 2, 2025
Last update September 2, 2025

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

E3 Site Supervisor Control (firmware version < 2.31F01) contains a hidden API call in the application services that enables SSH and Shellinabox, which exist but are disabled by default. An attacker with admin access to the application services can utilize this API to enable remote access to the underlying OS.

Key dates

02 Disclosure timeline

September 2, 2025 CVE published
September 2, 2025 Record updated