E3 Site Supervisor Control Unsigned Firmware Upgrade Package Vulnerability

Vulnerability

A vulnerability exists in E3 Site Supervisor Control firmware versions prior to 2.31F01, where firmware upgrade packages are not signed. This lack of signature allows an attacker with admin access to the application services to create and install malicious firmware upgrade packages.

Impact

Exploitation of this vulnerability could lead to the installation of unauthorized and potentially harmful firmware, allowing for further exploitation of the device or application.

Added: Sep 2, 2025, 12:36 PM

Updated: Sep 2, 2025, 4:36 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

2.5

exploitability

4.4

remediation

0.0

relevance

0.5

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

2.5

exploitability

4.4

remediation

0.0

relevance

0.5

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

E3 Site Supervisor Control Unsigned Firmware Upgrade Package Vulnerability

Vulnerability

Impact

Affected Products

E3 Site Supervisor Control

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating