CVE-2025-52549:

A firmware vulnerability in Copeland LP's E3 Site Supervisor Control (firmware < 2.31F01) causes the root Linux password to be generated at each boot, enabling an attacker to derive the root password from known or easily obtainable parameters.


Score

  • Score: 9.8 Critical
  • Published Date: Sep 2, 2025
  • CISA KEV Date: No Data
  • Industries Affected: 20

Threat Predictions

  • EPSS Score: 0.1
  • EPSS Percentile: 22%

Exploitability

  • Score: 3.9
  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED

Impact

  • Score: 5.9
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

Overview

Copeland LP’s E3 Site Supervisor Control firmware prior to 2.31F01 exposes root credentials by generating the root Linux password at each boot from predictable parameters. An attacker who knows or can obtain those parameters can compute the root password and gain privileged access to affected devices. The issue is categorized as insufficiently protected credentials (CWE-522) and relates to the use of known operating system credentials (CAPEC-653). Affected are E3 Supervisory Control devices running firmware versions less than 2.31F01. The vulnerability is network-exploitable with high impact and is scored 9.2 CRITICAL on CVSS 4.0. Workarounds focus on network isolation of the device management interface.

Remediation

  • Upgrade firmware to a version greater than 2.30F1 (deploy 2.31F01 or newer) on all affected E3 Supervisory Control devices.
  • After upgrade, verify that the root password is no longer generated from predictable parameters and that privileged access requires secure handling per vendor guidance.
  • If an immediate upgrade is not feasible, restrict network exposure of the device management interface (ETH0) by placing the devices on a restricted VLAN or subnet and enforcing firewall rules to block access from untrusted networks.
  • Implement additional compensating controls as appropriate, such as tightening remote access (limit or disable unnecessary remote root access), monitoring for credential-related activity, and maintaining an up-to-date asset inventory and patch plan.

Industries Affected

Below is a list of industries most commonly impacted or potentially at risk based on intelligence.

Low

  • Mining
  • Utilities
  • Information
  • Construction
  • Retail Trade
  • Manufacturing
  • Wholesale Trade
  • Educational Services
  • Finance and Insurance
  • Public Administration
  • Real Estate Rental and Leasing
  • Transportation and Warehousing
  • Accommodation and Food Services
  • Health Care and Social Assistance
  • Arts, Entertainment, and Recreation
  • Management of Companies and Enterprises
  • Agriculture, Forestry, Fishing and Hunting
  • Other Services (except Public Administration)
  • Professional, Scientific, and Technical Services
  • Administrative and Support and Waste Management and Remediation Services