Armis Labs

**Name of the Vulnerable Software and Affected Versions** E3 Site Supervisor Control versions prior to 2.31F01 **Description** The E3 Site Supervisor Control application services (MGW and RCI) utilize client-side hashing for authentication. This allows an attacker to authenticate by obtaining only the password hash. **Recommendations** Update E3 Site Supervisor Control to version 2.31F01 or later.

**Name of the Vulnerable Software and Affected Versions** E3 Site Supervisor Control versions prior to 2.31F01 **Description** E3 Site Supervisor Control (firmware version prior to 2.31F01) has a floor plan feature that allows an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can access any file from the E3 file system. **Recommendations** Update E3 Site Supervisor Control to version 2.31F01 or later.

**Name of the Vulnerable Software and Affected Versions** E3 Site Supervisor Control versions prior to 2.31F01 **Description** The RCI service in E3 Site Supervisor Control contains an API call that allows reading user information, including all usernames and password hashes for application services. **Recommendations** Update E3 Site Supervisor Control to version 2.31F01 or later.

**Name of the Vulnerable Software and Affected Versions** E3 Site Supervisor Control versions prior to 2.31F01 **Description** E3 Site Supervisor Control’s floor plan feature allows an unauthenticated attacker to upload floor plan files. Uploading a specially crafted floor plan file can lead to a stored cross-site scripting (XSS) condition on the floorplan web page. **Recommendations** Update E3 Site Supervisor Control to version 2.31F01 or later.

**Name of the Vulnerable Software and Affected Versions** E3 Site Supervisor Control versions prior to 2.31F01 **Description** E3 Site Supervisor Control (firmware version prior to 2.31F01) MGW contains an API call lacking input validation. An attacker can use this command to continuously crash the application services. **Recommendations** Update E3 Site Supervisor Control to version 2.31F01 or later.

**Name of the Vulnerable Software and Affected Versions** E3 Site Supervisor Control versions prior to 2.31F01 **Description** E3 Site Supervisor Control (firmware version prior to 2.31F01) contains a hidden `API` call within the application services that enables SSH and Shellinabox. These services exist but are disabled by default. An attacker with administrative access to the application services can use this `API` to enable remote access to the underlying operating system. **Recommendations** Update E3 Site Supervisor Control to version 2.31F01 or later.

**Name of the Vulnerable Software and Affected Versions** E3 Site Supervisor Control versions prior to 2.31F01 **Description** The E3 Site Supervisor Control generates the root Linux password on each boot. An attacker can generate the root Linux password for a vulnerable device based on known or easily obtainable parameters. **Recommendations** Update to version 2.31F01 or later.

**Name of the Vulnerable Software and Affected Versions** E3 Site Supervisor Control versions prior to 2.31F01 **Description** E3 Site Supervisor Control firmware upgrade packages are unsigned, allowing attackers to forge malicious packages. An attacker with administrative access to the application services can install these malicious firmware upgrades. **Recommendations** Update E3 Site Supervisor Control to version 2.31F01 or later.

**Name of the Vulnerable Software and Affected Versions** E2 Facility Management Systems (affected versions not specified) **Description** E2 Facility Management Systems utilizes a proprietary protocol that permits unauthenticated file operations on any file within the file system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** E3 Site Supervisor versions prior to 2.31F01 **Description** E3 Site Supervisor firmware contains a default administrator account, `ONEDAY`, with a daily generated password that is predictable. The `ONEDAY` user cannot be deleted or modified. **Recommendations** Update E3 Site Supervisor to version 2.31F01 or later.