31 matches found
EUVD-2025-26400
Malicious code in bioql PyPI...
EUVD-2025-28444
Malicious code in bioql PyPI...
EUVD-2025-28445
Malicious code in bioql PyPI...
EUVD-2025-26401
Malicious code in bioql PyPI...
CVE-2025-52547
E3 Site Supervisor Control firmware version 2.31F01 MGW contains an API call that lacks input validation. An attacker can use this command to continuously crash the application services...
CVE-2025-52550
E3 Site Supervisor Control firmware version 2.31F01 firmware upgrade packages are unsigned. An attacker can forge malicious firmware upgrade packages. An attacker with admin access to the application services can install a malicious firmware upgrade...
CVE-2025-52549
E3 Site Supervisor Control firmware version 2.31F01 generates the root Linux password on each boot. An attacker can generate the root Linux password for a vulnerable device based on known or easy to fetch parameters...
CVE-2025-52547
E3 Site Supervisor Control firmware version 2.31F01 MGW contains an API call that lacks input validation. An attacker can use this command to continuously crash the application services...
CVE-2025-52549
E3 Site Supervisor Control firmware version 2.31F01 generates the root Linux password on each boot. An attacker can generate the root Linux password for a vulnerable device based on known or easy to fetch parameters...
CVE-2025-52547
E3 Site Supervisor Control firmware version 2.31F01 MGW contains an API call that lacks input validation. An attacker can use this command to continuously crash the application services...
CVE-2025-52545
E3 Site Supervisor Control firmware version 2.31F01 RCI service contains an API call to read users info, which returns all usernames and password hashes for the application services...
CVE-2025-52543
E3 Site Supervisor Control firmware version 2.31F01 application services MGW and RCI use client-side hashing for authentication. An attacker can authenticate by obtaining only the password hash...
CVE-2025-52545
E3 Site Supervisor Control firmware version 2.31F01 RCI service contains an API call to read users info, which returns all usernames and password hashes for the application services...
CVE-2025-52549 Predictable root Linux password generation
E3 Site Supervisor Control firmware version 2.31F01 generates the root Linux password on each boot. An attacker can generate the root Linux password for a vulnerable device based on known or easy to fetch parameters...
CVE-2025-52549
CVE-2025-52549 affects Copeland/E3 Site Supervisor Control. Vulnerable firmware versions prior to 2.31F01 generate a root Linux password on each boot, enabling an attacker to derive the root password from known or easily obtainable parameters. Impacts include full device compromise with root acce...
CVE-2025-52549 Predictable root Linux password generation
E3 Site Supervisor Control firmware version 2.31F01 generates the root Linux password on each boot. An attacker can generate the root Linux password for a vulnerable device based on known or easy to fetch parameters...
CVE-2025-52547 DoS to the application services
E3 Site Supervisor Control firmware version 2.31F01 MGW contains an API call that lacks input validation. An attacker can use this command to continuously crash the application services...
CVE-2025-52547 DoS to the application services
E3 Site Supervisor Control firmware version 2.31F01 MGW contains an API call that lacks input validation. An attacker can use this command to continuously crash the application services...
CVE-2025-52547
The CVE-2025-52547 issue affects the E3 Site Supervisor Control MGW, specifically firmware versions prior to 2.31F01. The root cause is an API call that lacks input validation, which can be abused by an attacker to cause continuous DoS and crash application services. Multiple sources corroborate ...
CVE-2025-52546 Stored XSS by uploading a specially crafted floor plan file
E3 Site Supervisor Control firmware version 2.31F01 has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can inject a stored XSS to the floorplan web page...