Armis Logo< Back

CVE-2025-52547:

DoS vulnerability in Copeland LP E3 Site Supervisory Control firmware prior to 2.31F01 due to an API call with improper input validation, enabling a remote attacker to repeatedly crash the application services over the network.


Score
Info
A numerical rating that indicates how dangerous this vulnerability is.

7.5High
  • Published Date:Sep 2, 2025
  • CISA KEV Date:*No Data*
  • Industries Affected:20

Threat Predictions

  • EPSS Score:0.1
  • EPSS Percentile:26%

Exploitability

  • Score:3.9
  • Attack Vector:NETWORK
  • Attack Complexity:LOW
  • Privileges Required:NONE
  • User Interaction:NONE
  • Scope:UNCHANGED

Impact

  • Score:3.6
  • Confidentiality Impact:NONE
  • Integrity Impact:NONE
  • Availability Impact:HIGH

Description Preview

DoS vulnerability in Copeland LP E3 Site Supervisory Control firmware prior to 2.31F01 due to an API call with improper input validation, enabling a remote attacker to repeatedly crash the application services over the network.

Overview

This vulnerability is a network-exploitable denial-of-service stemming from improper input validation in an API call within the Copeland LP E3 Supervisory Control firmware. Because the issue can be triggered remotely with no user interaction and no required privileges, it poses a high risk to availability. The affected firmware is older than 2.31F01, and the vulnerability is categorized under CWE-20 with an HTTP DoS impact (CAPEC-469). A network-based attack could disrupt services across systems relying on the E3 MGW.

Remediation

  • Upgrade the E3 Supervisory Controls firmware to a version greater than 2.30F1 (i.e., install a fixed release such as 2.31F01 or newer as provided by the vendor).
  • If upgrading is not immediately feasible, restrict network access to the E3 MGW management interface (ETH0) by implementing a restricted VLAN or subnet and enforcing firewall rules so untrusted networks cannot reach the device.
  • Apply network segmentation and access controls to ensure only trusted management hosts can reach the E3 MGW API endpoints.
  • After remediation, verify that the API no longer triggers crashes by validating normal operation and monitoring for abnormal service restarts or log anomalies.
  • Establish ongoing monitoring for unusual API activity and ensure firmware is kept up to date with vendor advisories.

References

Industries Affected

Below is a list of industries most commonly impacted or potentially at risk based on intelligence.

Low
Mining icon
Mining
Utilities icon
Utilities
Information icon
Information
Construction icon
Construction
Retail Trade icon
Retail Trade
Manufacturing icon
Manufacturing
Wholesale Trade icon
Wholesale Trade
Educational Services icon
Educational Services
Finance and Insurance icon
Finance and Insurance
Public Administration icon
Public Administration
Real Estate Rental and Leasing icon
Real Estate Rental and Leasing
Transportation and Warehousing icon
Transportation and Warehousing
Accommodation and Food Services icon
Accommodation and Food Services
Health Care and Social Assistance icon
Health Care and Social Assistance
Arts, Entertainment, and Recreation icon
Arts, Entertainment, and Recreation
Management of Companies and Enterprises icon
Management of Companies and Enterprises
Agriculture, Forestry, Fishing and Hunting icon
Agriculture, Forestry, Fishing and Hunting
Other Services (except Public Administration) icon
Other Services (except Public Administration)
Professional, Scientific, and Technical Services icon
Professional, Scientific, and Technical Services
Administrative and Support and Waste Management and Remediation Services icon
Administrative and Support and Waste Management and Remediation Services

Focus on What Matters

See everything.Identify true risk.Proactively mitigate threats.Book a Demo

Let's talk!