Login Sign Up

CVE-2025-52547

7.5 HIGH
Denial of Service

📋 TL;DR

E3 Site Supervisor Control firmware versions below 2.31F01 contain an API endpoint with insufficient input validation, allowing attackers to send crafted requests that crash application services. This affects industrial control systems using vulnerable E3 MGW gateways, potentially disrupting site operations.

💻 Affected Systems

Products:
  • E3 Site Supervisor Control MGW
Versions: All firmware versions < 2.31F01
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the MGW gateway component of E3 Site Supervisor Control systems used in industrial environments.

📦 What is this software?

E3 Supervisory Controller Firmware by Copeland

View all CVEs affecting E3 Supervisory Controller Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Continuous denial-of-service attacks could render critical industrial control systems unavailable, disrupting facility operations and safety monitoring capabilities.

🟠

Likely Case

Attackers cause service interruptions through repeated crashes, requiring manual intervention to restore functionality.

🟢

If Mitigated

With proper network segmentation and access controls, only authorized systems can reach the vulnerable API, limiting attack surface.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires network access to the API endpoint but no authentication, making exploitation straightforward for attackers with network access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.31F01

Vendor Advisory: https://www.armis.com/research/frostbyte10/

Restart Required: Yes

Instructions:

1. Download firmware version 2.31F01 from vendor portal. 2. Backup current configuration. 3. Upload and apply firmware update via management interface. 4. Reboot device to complete installation.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict network access to the MGW API endpoints using firewall rules

Rate Limiting

all

Implement rate limiting on API calls to prevent continuous exploitation attempts

🧯 If You Can't Patch

  • Isolate vulnerable devices in separate network segments with strict access controls
  • Implement monitoring for unusual API call patterns and service restart events

🔍 How to Verify

Check if Vulnerable:

Check firmware version via web interface or SSH: System > About > Firmware Version

Check Version:

ssh admin@device_ip 'show version' or check web interface System > About

Verify Fix Applied:

Confirm firmware version shows 2.31F01 or higher after update

📡 Detection & Monitoring

Log Indicators:

  • Repeated service crash/restart events
  • Unusual API call patterns to vulnerable endpoints
  • High frequency of malformed requests

Network Indicators:

  • Unusual traffic patterns to MGW API endpoints
  • Repeated connection attempts to service ports

SIEM Query:

source="e3-mgw" AND (event_type="service_crash" OR api_calls>threshold)

📊 Metadata

CVE ID: CVE-2025-52547
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-20
EPSS Score: 0.09% exploit probability (24.9th percentile)
Published: September 2, 2025
Last Updated: October 1, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-52547, you might also want to check these:

CVE-2022-47190 10.0

CVE-2022-47190 allows remote attackers to upload malicious firmware containing a webshell to Generex...

Same vulnerability type (CWE-20)
CVE-2024-3400 10.0

CVE-2024-3400 is a critical command injection vulnerability in Palo Alto Networks PAN-OS GlobalProte...

Same vulnerability type (CWE-20)
CVE-2023-42802 10.0

This critical vulnerability in GLPI allows attackers to upload malicious PHP files to unauthorized d...

Same vulnerability type (CWE-20)