E3 Site Supervisor Control (firmware version < 2.31F01) contains a hidden API call in the application services that enables SSH and Shellinabox, which exist but are disabled by default. An attacker with admin access to the application services can utilize this API to enable remote access to the underlying OS.
History

Tue, 02 Sep 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 02 Sep 2025 11:30:00 +0000

Type Values Removed Values Added
Description E3 Site Supervisor Control (firmware version < 2.31F01) contains a hidden API call in the application services that enables SSH and Shellinabox, which exist but are disabled by default. An attacker with admin access to the application services can utilize this API to enable remote access to the underlying OS.
Title Enabling SSH and Shellinabox on the vulnerable machine
Weaknesses CWE-1242
References
Metrics cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Armis

Published:

Updated: 2025-09-02T13:28:08.207Z

Reserved: 2025-06-17T17:29:21.841Z

Link: CVE-2025-52548

cve-icon Vulnrichment

Updated: 2025-09-02T13:28:03.931Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-09-02T12:15:37.393

Modified: 2025-09-02T15:55:25.420

Link: CVE-2025-52548

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.