Metrics
Affected Vendors & Products
Solution
Upgrade firmware of affected E3 Supervisory Controls to a version > 2.30F1.
Workaround
Restrict access to the E3 Supervisory Controls network interface (ETH 0) by use of restricted VLAN or subnet and / or network firewall. Ensure the restricted VLAN or subnet is never accessible from untrusted networks.
Link | Providers |
---|---|
https://www.armis.com/research/frostbyte10/ |
![]() ![]() |
Tue, 02 Sep 2025 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 02 Sep 2025 11:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | E3 Site Supervisor Control (firmware version < 2.31F01) contains a hidden API call in the application services that enables SSH and Shellinabox, which exist but are disabled by default. An attacker with admin access to the application services can utilize this API to enable remote access to the underlying OS. | |
Title | Enabling SSH and Shellinabox on the vulnerable machine | |
Weaknesses | CWE-1242 | |
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: Armis
Published:
Updated: 2025-09-02T13:28:08.207Z
Reserved: 2025-06-17T17:29:21.841Z
Link: CVE-2025-52548

Updated: 2025-09-02T13:28:03.931Z

Status : Awaiting Analysis
Published: 2025-09-02T12:15:37.393
Modified: 2025-09-02T15:55:25.420
Link: CVE-2025-52548

No data.

No data.