11 matches found
EUVD-2025-26396
Malicious code in bioql PyPI...
CVE-2025-52544
E3 Site Supervisor Control firmware version 2.31F01 has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can access any file from the E3 file system...
CVE-2025-52549
E3 Site Supervisor Control firmware version 2.31F01 generates the root linux password on each boot. An attacker can generate the root linux password for a vulnerable device based on known or easy to fetch parameters...
CVE-2025-52545
E3 Site Supervisor Control firmware version 2.31F01 RCI service contains an API call to read users info, which returns all usernames and password hashes for the application services...
CVE-2025-6519
E3 Site Supervisor firmware version 2.31F01 has a default admin user "ONEDAY" with a daily generated password. An attacker can predictably generate the password for ONEDAY. The oneday user cannot be deleted or modified by any user...
CVE-2025-6519
E3 Site Supervisor firmware version 2.31F01 has a default admin user "ONEDAY" with a daily generated password. An attacker can predictably generate the password for ONEDAY. The oneday user cannot be deleted or modified by any user...
CVE-2025-6519
E3 Site Supervisor firmware version 2.31F01 has a default admin user "ONEDAY" with a daily generated password. An attacker can predictably generate the password for ONEDAY. The oneday user cannot be deleted or modified by any user...
CVE-2025-52549
E3 Site Supervisor Control firmware version 2.31F01 generates the root linux password on each boot. An attacker can generate the root linux password for a vulnerable device based on known or easy to fetch parameters...
CVE-2025-52548
The CVE-2025-52548 entry concerns Copeland E3 Supervisory Control firmware versions older than 2.31F01. A hidden API call in the application services exists (enabled by default disabled) that, if accessed by an admin, can enable SSH and Shellinabox, granting remote access to the underlying operat...
CVE-2025-6519 Consistent predictable generation of the password for the default admin user "ONEDAY" to the application services
E3 Site Supervisor firmware version 2.31F01 has a default admin user "ONEDAY" with a daily generated password. An attacker can predictably generate the password for ONEDAY. The oneday user cannot be deleted or modified by any user...
CVE-2025-6519 Consistent predictable generation of the password for the default admin user "ONEDAY" to the application services
E3 Site Supervisor firmware version 2.31F01 has a default admin user "ONEDAY" with a daily generated password. An attacker can predictably generate the password for ONEDAY. The oneday user cannot be deleted or modified by any user...