
CVE-2025-52551

CVE-2025-52551 describes a vulnerability in Copeland LP's E2 Facility Management System firmware (versions <= 4.11F02) in which a proprietary network protocol allows unauthenticated file operations on any file in the device's file system. A remote attacker who can reach the protocol can manipulate arbitrary files; the issue is rated CRITICAL (CWE-306: Missing Authentication for Critical Function; CAPEC-165: File Manipulation).


Score

9.3 Critical (CVSS v4.0 base score)
  • Published Date: Sep 2, 2025
  • CISA KEV Date: not listed (no data)
  • Industries Affected: 20

Threat Predictions

  • EPSS Score: 0.1
  • EPSS Percentile: 20%

Overview

Copeland LP's E2 Facility Management System contains a flaw in its proprietary protocol that permits unauthenticated file operations on any file within the device's file system. Because the protocol performs no authentication, any network peer that can reach it can perform those file operations, which is why confidentiality, integrity, and availability are all affected. The flaw is present in firmware versions up to and including 4.11F02. The issue is categorized as CWE-306 and CAPEC-165 and carries a documented CVSS v4.0 base score of 9.3, a critical risk whenever the device is reachable from networks that are not fully trusted.

Remediation

  • Restrict network exposure: isolate the E2 system's Ethernet interface on a restricted VLAN/subnet and enforce strict firewall rules so the device is not reachable from untrusted networks.
  • Implement network segmentation: place the device behind additional layers of segmentation and limit management traffic to a short allow-list of trusted administration hosts.
  • Apply vendor updates: coordinate with Copeland LP to obtain and apply any firmware update or patch that introduces authentication for critical functions or otherwise closes the unauthenticated file-operation path.
  • Disable or mitigate the protocol if possible: if a configuration option exists to disable the proprietary protocol or restrict its access, apply it until a patch is installed.
  • Monitor and alert: enable logging and watch for anomalous file operations or access patterns on the device. Since the vulnerable protocol performs no authentication at all, there are no "failed logins" to alert on; alert instead on any connection to the device from a host that is not on the administration allow-list.
  • Perform a risk-based migration: plan an upgrade path to a firmware release that addresses the vulnerability, testing in a controlled environment before production deployment.
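The allow-list logic behind the first, second and fifth steps above, as an added example that is not part of the advisory and is not Armis's or Copeland's code. It audits a firewall or flow log for connections to the E2 controller and reports every accepted connection from a host outside the administration allow-list. The controller address, the admin hosts, the OT subnet, the one-connection-per-line log format and the sample log lines are all constructed for this example; the advisory does not publish the proprietary protocol's port, so the check deliberately keys on source host rather than destination port.

```python
"""Allow-list audit for connections to a Copeland E2 controller.

Added example (not Armis's or Copeland's code). For an unauthenticated
protocol the only effective control is reachability: a firewall in front of
the E2 permits a short list of administration hosts, and every other
connection that still reaches the controller is a finding.

Assumptions, none of which come from the advisory: the controller address,
the admin hosts, the OT subnet and the log format below are constructed for
this example. No destination-port filter is applied because the page does not
publish the proprietary protocol's port.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
import re

E2_HOST = "10.20.30.40"                       # assumed E2 controller address
ADMIN_HOSTS = {"10.20.1.10", "10.20.1.11"}    # assumed management jump hosts
OT_SUBNET = ip_network("10.20.30.0/24")       # assumed restricted OT VLAN

# Constructed log format: one accepted or rejected connection per line.
LOG_RE = re.compile(
    r"src=(?P<src>[\d.]+):(?P<sport>\d+)\s+"
    r"dst=(?P<dst>[\d.]+):(?P<dport>\d+)\s+"
    r"action=(?P<action>\w+)"
)

# Constructed sample log: an admin session, a reach from the corporate LAN,
# a non-admin host on the OT VLAN, a blocked Internet probe, and a
# connection to a different device. Port 9999 is a placeholder.
SAMPLE_LOG = """\
2025-09-02T10:00:01Z proto=tcp src=10.20.1.10:51234 dst=10.20.30.40:9999 action=allow
2025-09-02T10:00:05Z proto=tcp src=192.168.5.7:44321 dst=10.20.30.40:9999 action=allow
2025-09-02T10:00:09Z proto=tcp src=10.20.30.55:40000 dst=10.20.30.40:9999 action=allow
2025-09-02T10:00:12Z proto=tcp src=203.0.113.9:55555 dst=10.20.30.40:9999 action=deny
2025-09-02T10:00:15Z proto=tcp src=10.20.1.11:51300 dst=10.20.30.41:22 action=allow
""".splitlines()


@dataclass(frozen=True)
class Finding:
    src: str
    dport: int
    reason: str


def audit(lines):
    """Return a Finding for every *allowed* connection to the E2 from a host
    that is not on the admin allow-list. Denied connections are the firewall
    doing its job and are not reported."""
    findings = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m or m["dst"] != E2_HOST or m["action"] != "allow":
            continue
        src = m["src"]
        if src in ADMIN_HOSTS:
            continue
        if ip_address(src) in OT_SUBNET:
            reason = "non-admin host on the OT subnet reached the E2"
        else:
            reason = "host outside the OT subnet reached the E2"
        findings.append(Finding(src, int(m["dport"]), reason))
    return findings


def is_isolated(lines):
    """True when no host outside the allow-list managed to reach the E2."""
    return not audit(lines)


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"ALERT {f.src} -> {E2_HOST}:{f.dport}: {f.reason}")
    print("isolated:", is_isolated(SAMPLE_LOG))
```

On the sample log the audit reports two findings, the corporate-LAN host and the non-admin OT host, and ignores both the denied Internet probe and the session to the neighbouring device. Distinguishing "inside the OT subnet but not an admin host" from "outside the subnet" matters in practice: the first usually means a flat OT VLAN without intra-segment filtering, the second a hole in the perimeter rule.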

Industries Affected

Below is a list of industries most commonly impacted or potentially at risk based on intelligence (risk level: Low).

  • Mining
  • Utilities
  • Information
  • Construction
  • Retail Trade
  • Manufacturing
  • Wholesale Trade
  • Educational Services
  • Finance and Insurance
  • Public Administration
  • Real Estate Rental and Leasing
  • Transportation and Warehousing
  • Accommodation and Food Services
  • Health Care and Social Assistance
  • Arts, Entertainment, and Recreation
  • Management of Companies and Enterprises
  • Agriculture, Forestry, Fishing and Hunting
  • Other Services (except Public Administration)
  • Professional, Scientific, and Technical Services
  • Administrative and Support and Waste Management and Remediation Services
