6 matches found
CVE-2025-52546
E3 Site Supervisor Control firmware version 2.31F01 has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can inject a stored XSS to the floorplan web page...
CVE-2025-52544
E3 Site Supervisor Control firmware version 2.31F01 has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can access any file from the E3 file system...
CVE-2025-52546
The CVE-2025-52546 entry concerns Copeland E3 Site Supervisor Control firmware prior to 2.31F01. The floor plan feature allows an unauthenticated user to upload floor plan files, which can inject a stored XSS on the floorplan web page. Documented impact is stored XSS with potential user interacti...
CVE-2025-52544 Arbitrary read file from the filesystem
E3 Site Supervisor Control firmware version 2.31F01 has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can access any file from the E3 file system...
PT-2025-35553
Name of the Vulnerable Software and Affected Versions: E3 Site Supervisor Control versions prior to 2.31F01 Description: E3 Site Supervisor Control firmware version prior to 2.31F01 has a floor plan feature that allows an unauthenticated attacker to upload floor plan files. By uploading a special...
PT-2025-35555
Name of the Vulnerable Software and Affected Versions: E3 Site Supervisor Control versions prior to 2.31F01 Description: E3 Site Supervisor Control’s floor plan feature allows an unauthenticated attacker to upload floor plan files. Uploading a specially crafted floor plan file can lead to a store...