PT-2025-35557 · Unknown · E3 Site Supervisor Control
Armis Labs
·
Published
2025-09-02
·
Updated
2025-09-02
·
CVE-2025-52548
CVSS v4.0
6.9
Medium
| Vector | AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
E3 Site Supervisor Control versions prior to 2.31F01
Description
E3 Site Supervisor Control (firmware version prior to 2.31F01) contains a hidden
API call within the application services that enables SSH and Shellinabox. These services exist but are disabled by default. An attacker with administrative access to the application services can use this API to enable remote access to the underlying operating system.Recommendations
Update E3 Site Supervisor Control to version 2.31F01 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
E3 Site Supervisor Control