12 matches found
EUVD-2025-26400
Malicious code in bioql PyPI...
CVE-2025-52550
E3 Site Supervisor Control firmware version 2.31F01 firmware upgrade packages are unsigned. An attacker can forge malicious firmware upgrade packages. An attacker with admin access to the application services can install a malicious firmware upgrade...
CVE-2025-52545 Privilege escalation in the application services
E3 Site Supervisor Control firmware version 2.31F01 RCI service contains an API call to read users info, which returns all usernames and password hashes for the application services...
PT-2025-35559
Name of the Vulnerable Software and Affected Versions: E3 Site Supervisor Control versions prior to 2.31F01 Description: E3 Site Supervisor Control firmware upgrade packages are unsigned, allowing attackers to forge malicious packages. An attacker with administrative access to the application...
PT-2025-35552
Name of the Vulnerable Software and Affected Versions: E3 Site Supervisor Control versions prior to 2.31F01 Description: The E3 Site Supervisor Control application services MGW and RCI utilize client-side hashing for authentication. This allows an attacker to authenticate by obtaining only the...
PT-2025-35558
Name of the Vulnerable Software and Affected Versions: E3 Site Supervisor Control versions prior to 2.31F01 Description: The E3 Site Supervisor Control generates the root Linux password on each boot. An attacker can generate the root Linux password for a vulnerable device based on known or easily...
PT-2025-35554
Name of the Vulnerable Software and Affected Versions: E3 Site Supervisor Control versions prior to 2.31F01 Description: The RCI service in E3 Site Supervisor Control contains an API call that allows reading user information, including all usernames and password hashes for application services...
Copeland E3 Supervisory Control Security Vulnerability
Copeland E3 Supervisory Control is an industrial equipment control system from Copeland, USA. A security vulnerability exists in Copeland E3 Supervisory Control versions prior to 2.31F01, which stems from a hidden API call that could result in enabling remote access to the underlying operating...
PT-2025-35562
Name of the Vulnerable Software and Affected Versions: E3 Site Supervisor versions prior to 2.31F01 Description: E3 Site Supervisor firmware contains a default administrator account, ONEDAY, with a daily generated password that is predictable. The ONEDAY user cannot be deleted or modified...
PT-2025-35555
Name of the Vulnerable Software and Affected Versions: E3 Site Supervisor Control versions prior to 2.31F01 Description: E3 Site Supervisor Control’s floor plan feature allows an unauthenticated attacker to upload floor plan files. Uploading a specially crafted floor plan file can lead to a store...
Copeland E3 Supervisory Control Security Vulnerability
Copeland E3 Supervisory Control is an industrial equipment control system from Copeland Corporation. A security vulnerability exists in Copeland E3 Supervisory Control versions prior to 2.31F01, which stems from an improper root password generation mechanism that could lead to the generation of a...
Copeland E3 Supervisory Control Security Vulnerability
Copeland E3 Supervisory Control is an industrial equipment control system from Copeland, USA. A security vulnerability exists in Copeland E3 Supervisory Control versions prior to 2.31F01, which stems from improper handling of the floor plan feature and could lead to a stored cross-site scripting...