CVE-2025-52543:E3 Site Supervisor Control (Copeland LP) firmware before 2.31F01 uses client-side hashing for authentication in MGW and RCI application services, allowing an attacker who obtains a password hash to authenticate without knowing the actual password (CWE-836).

splash
Back

Description Preview

The MGW and RCI application services in Copeland LP E3 Supervisory Control firmware versions less than 2.31F01 perform authentication using a client-side password hash rather than a server-side password verification process. An attacker who obtains or intercepts the stored or transmitted password hash can present that hash to the service and gain authenticated access, enabling authentication abuse (CAPEC-114). The vulnerability is exploitable over the network with low complexity and low privileges required, and has a CVSSv4.0 base score of 5.3 (MEDIUM). Armis Labs reported the issue on 2025-07-29.

Overview

Affected products are Copeland LP E3 Supervisory Control firmware versions prior to 2.31F01. The root cause is reliance on client-side hashing for authentication, which effectively treats the hash as the secret credential. Successful exploitation can lead to unauthorized authenticated access to device services and potential manipulation of supervisory control functions. The issue was publicly attributed to Armis Labs and is tracked as CVE-2025-52543.

Remediation

Apply the vendor-provided firmware update to a fixed release (upgrade to firmware version > 2.30F1, i.e., 2.31F01 or later). As an interim mitigation, restrict network access to the E3 Supervisory Controls network interface (ETH 0) using a dedicated VLAN or subnet and network firewall rules to ensure the interface is not reachable from untrusted networks. Additional precautions include rotating affected credentials after patching and monitoring device access logs for suspicious authentication attempts.

References

Industry ExposureMost to least
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Accommodation & Food Services: Low
    Accommodation & Food Services
  2. Administrative, Support, Waste Management & Remediation Services: Low
    Administrative, Support, Waste Management & Remediation Services
  3. Agriculture, Forestry Fishing & Hunting: Low
    Agriculture, Forestry Fishing & Hunting
  4. Arts, Entertainment & Recreation: Low
    Arts, Entertainment & Recreation
  5. Construction: Low
    Construction
  6. Educational Services: Low
    Educational Services
  7. Finance and Insurance: Low
    Finance and Insurance
  8. Health Care & Social Assistance: Low
    Health Care & Social Assistance
  9. Information: Low
    Information
  10. Management of Companies & Enterprises: Low
    Management of Companies & Enterprises
  11. Manufacturing: Low
    Manufacturing
  12. Mining: Low
    Mining
  13. Other Services (except Public Administration): Low
    Other Services (except Public Administration)
  14. Professional, Scientific, & Technical Services: Low
    Professional, Scientific, & Technical Services
  15. Public Administration: Low
    Public Administration
  16. Real Estate Rental & Leasing: Low
    Real Estate Rental & Leasing
  17. Retail Trade: Low
    Retail Trade
  18. Transportation & Warehousing: Low
    Transportation & Warehousing
  19. Utilities: Low
    Utilities
  20. Wholesale Trade: Low
    Wholesale Trade

Focus on What Matters

  1. See Everything.
  2. Identify True Risk.
  3. Proactively Mitigate Threats.

Let's talk!

background