PT-2025-35554 · Unknown · E3 Site Supervisor Control

Armis Labs

·

Publicado

2025-09-02

·

Atualizado

2025-09-02

·

CVE-2025-52545

CVSS v4.0

7.7

Alta

VetorAV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:L/SA:L
Name of the Vulnerable Software and Affected Versions E3 Site Supervisor Control versions prior to 2.31F01
Description The RCI service in E3 Site Supervisor Control contains an API call that allows reading user information, including all usernames and password hashes for application services.
Recommendations Update E3 Site Supervisor Control to version 2.31F01 or later.

Correção

Insufficiently Protected Credentials

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-522

Identificadores relacionados

CVE-2025-52545

Produtos afetados

E3 Site Supervisor Control