E3 Site Supervisor Control (firmware version < 2.31F01) application services (MGW and RCI) uses client side hashing for authentication. An attacker can authenticate by obtaining only the password hash.
History

Tue, 02 Sep 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 02 Sep 2025 11:30:00 +0000

Type Values Removed Values Added
Description E3 Site Supervisor Control (firmware version < 2.31F01) application services (MGW and RCI) uses client side hashing for authentication. An attacker can authenticate by obtaining only the password hash.
Title Login to the application services using only the password hash
Weaknesses CWE-836
References
Metrics cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:L/SA:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Armis

Published:

Updated: 2025-09-02T13:43:02.830Z

Reserved: 2025-06-17T17:29:21.841Z

Link: CVE-2025-52543

cve-icon Vulnrichment

Updated: 2025-09-02T13:40:45.507Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-09-02T12:15:36.453

Modified: 2025-09-02T15:55:25.420

Link: CVE-2025-52543

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.