Copeland E3 Supervisory Controller Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Copeland E3 Supervisory Controller Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2025-6519 — CVSS 9.8 (critical): E3 Site Supervisor (firmware version < 2.31F01) has a default admin user "ONEDAY" with a daily generated password. An attacker can…
CVE-2025-52549 — CVSS 9.8 (critical): E3 Site Supervisor Control (firmware version < 2.31F01) generates the root linux password on each boot. An attacker can generate the root…
CVE-2025-52545 — CVSS 7.5 (high): E3 Site Supervisor Control (firmware version < 2.31F01) RCI service contains an API call to read users info, which returns all usernames…
CVE-2025-52543 — CVSS 7.5 (high): E3 Site Supervisor Control (firmware version < 2.31F01) application services (MGW and RCI) uses client side hashing for authentication. An…
CVE-2025-52547 — CVSS 7.5 (high): E3 Site Supervisor Control (firmware version < 2.31F01) MGW contains an API call that lacks input validation. An attacker can use this…
CVE-2025-52544 — CVSS 7.5 (high): E3 Site Supervisor Control (firmware version < 2.31F01) has a floor plan feature that allows for an unauthenticated attacker to upload…
CVE-2025-52550 — CVSS 7.2 (high): E3 Site Supervisor Control (firmware version < 2.31F01) firmware upgrade packages are unsigned. An attacker can forge malicious firmware…
CVE-2025-52546 — CVSS 6.1 (medium): E3 Site Supervisor Control (firmware version < 2.31F01) has a floor plan feature that allows for an unauthenticated attacker to upload…
CVE-2025-52548 — CVSS 4.9 (medium): E3 Site Supervisor Control (firmware version < 2.31F01) contains a hidden API call in the application services that enables SSH and…