E3 Site Supervisor Control (firmware version < 2.31F01) contains a hidden API call in the application services that enables SSH and Shellinabox, which exist but are disabled by default. An attacker with admin access to the application services can utilize this API to enable remote access to the underlying OS.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.armis.com/research/frostbyte10/ |
![]() ![]() |
History
Tue, 02 Sep 2025 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 02 Sep 2025 11:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | E3 Site Supervisor Control (firmware version < 2.31F01) contains a hidden API call in the application services that enables SSH and Shellinabox, which exist but are disabled by default. An attacker with admin access to the application services can utilize this API to enable remote access to the underlying OS. | |
Title | Enabling SSH and Shellinabox on the vulnerable machine | |
Weaknesses | CWE-1242 | |
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: Armis
Published:
Updated: 2025-09-02T13:28:08.207Z
Reserved: 2025-06-17T17:29:21.841Z
Link: CVE-2025-52548

Updated: 2025-09-02T13:28:03.931Z

Status : Awaiting Analysis
Published: 2025-09-02T12:15:37.393
Modified: 2025-09-02T15:55:25.420
Link: CVE-2025-52548

No data.

No data.