Armis Labs has uncovered ten critical security flaws collectively named “Frostbyte10” in Copeland’s E2 and E3 building management controllers.
These devices, which handle refrigeration, HVAC, lighting, and other essential functions, could allow remote attackers to execute code, change settings, disable systems, or steal sensitive data.
A firmware update is available now, and affected organizations are urged to patch immediately.
Vulnerabilities Details
Copeland’s E2 and E3 controllers are widely used in retail, cold-chain logistics, and critical infrastructure.
The E2 platform, now end-of-life, and the newer E3 system both contain vulnerabilities that can be chained together for full, unauthenticated root access.
Attackers could manipulate temperatures, shut down refrigeration, or even disable emergency lighting—putting food safety, supply chains, and human safety at risk.
Armis Labs worked closely with Copeland to analyze these flaws, understand their impact, and develop patches.
Firmware version 2.31F01 for E3 devices and equivalent updates for E2 controllers address all ten issues and must be installed without delay.
Customers still using E2 controllers should plan migration to the E3 platform as E2 support ended October 2024.
Key Vulnerabilities
| CVE Number | Description | Severity | CVSS Score |
| CVE-2025-6519 | Predictable generation of default admin password “ONEDAY” | Critical | 9.3 |
| CVE-2025-52543 | Authentication bypass using only the password hash | Medium | 5.3 |
| CVE-2025-52544 | Unauthenticated arbitrary file read via crafted floor plan upload | High | 8.8 |
| CVE-2025-52545 | Privilege escalation through exposed API revealing user hashes | High | 7.7 |
| CVE-2025-52546 | Stored cross-site scripting (XSS) via floor plan upload | Medium | 5.1 |
| CVE-2025-52547 | Denial-of-service by crashing application services through invalid input | High | 8.7 |
| CVE-2025-52548 | Hidden API enables SSH and Shellinabox for remote OS access | Medium | 6.9 |
| CVE-2025-52549 | Predictable root linux password generation on each boot | Critical | 9.2 |
| CVE-2025-52550 | Unsigned firmware upgrade packages allow malicious firmware installation | High | 8.6 |
| CVE-2025-52551 | Unauthenticated proprietary protocol permits arbitrary file operations on E2 controllers | Critical | 9.3 |
Remediation and Best Practices
- Apply Firmware Updates: Upgrade E3 controllers to version 2.31F01 or later. E2 customers should migrate and update as soon as possible.
- Network Segmentation: Isolate controllers on separate networks with strict firewall rules.
- Strong Authentication: Replace default accounts, enforce strong passwords, and disable unused remote access features.
- Continuous Monitoring: Implement vulnerability scanning and monitor logs for unusual activity.
- Incident Response Planning: Develop and test plans to detect, contain, and recover from attacks.
- Employee Training: Educate staff on cybersecurity risks and safe practices.
- Vendor Collaboration: Work with security researchers and vendors for timely threat intelligence and updates.
By following these steps and installing the patched firmware, organizations can close the Frostbyte10 attack vector and protect critical infrastructure from remote compromise.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates.
