E3 Site Supervisor Control RCI Service User Information Exposure Vulnerability

Vulnerability

A vulnerability exists in E3 Site Supervisor Control firmware versions prior to 2.31F01, where the RCI service includes an API call that exposes all usernames and password hashes for the application services.

Impact

Exploitation of this vulnerability leads to unauthorized access to user credentials, including password hashes, which could be used for further attacks such as password cracking or unauthorized access to user accounts.

Added: Sep 2, 2025, 12:22 PM
Updated: Sep 2, 2025, 4:09 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.3
remediation: 0.0
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.