E3 Site Supervisor (firmware version < 2.31F01) has a default admin user "ONEDAY" with a daily generated password. An attacker can predictably generate the password for ONEDAY. The oneday user cannot be deleted or modified by any user.
History

Tue, 02 Sep 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 02 Sep 2025 11:30:00 +0000

Type Values Removed Values Added
Description E3 Site Supervisor (firmware version < 2.31F01) has a default admin user "ONEDAY" with a daily generated password. An attacker can predictably generate the password for ONEDAY. The oneday user cannot be deleted or modified by any user.
Title Consistent predictable generation of the password for the default admin user "ONEDAY" to the application services
Weaknesses CWE-522
References
Metrics cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:L/SA:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Armis

Published:

Updated: 2025-09-02T15:25:44.338Z

Reserved: 2025-06-23T13:29:43.161Z

Link: CVE-2025-6519

cve-icon Vulnrichment

Updated: 2025-09-02T15:25:39.833Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-09-02T12:15:38.607

Modified: 2025-09-02T15:55:25.420

Link: CVE-2025-6519

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.