Frostbyte10 Vulnerabilities Let Hackers Gain Remote Access

Armis Labs has uncovered ten critical security flaws collectively named “Frostbyte10” in Copeland’s E2 and E3 building management controllers.

These devices handle refrigeration, HVAC, lighting, and other essential functions. The flaws could allow remote attackers to execute code, change settings, disable systems, or steal sensitive data.

A firmware update is available now, and affected organizations are urged to patch immediately.

Vulnerability Details

Copeland’s E2 and E3 controllers are widely used in retail, cold-chain logistics, and critical infrastructure.

The E2 platform, now end-of-life, and the newer E3 system both contain vulnerabilities that can be chained together for full, unauthenticated root access.

Attackers could manipulate temperatures, shut down refrigeration, or even disable emergency lighting—putting food safety, supply chains, and human safety at risk.

Armis Labs worked closely with Copeland to analyze these flaws, understand their impact, and develop patches.

Firmware version 2.31F01 for E3 devices and equivalent updates for E2 controllers address all ten issues and must be installed without delay.

Customers still using E2 controllers should plan migration to the E3 platform, as E2 support ended in October 2024.

Key Vulnerabilities

| CVE Number | Description | Severity | CVSS Score |
|---|---|---|---|
| CVE-2025-6519 | Predictable generation of default admin password “ONEDAY” | Critical | 9.3 |
| CVE-2025-52543 | Authentication bypass using only the password hash | Medium | 5.3 |
| CVE-2025-52544 | Unauthenticated arbitrary file read via crafted floor plan upload | High | 8.8 |
| CVE-2025-52545 | Privilege escalation through exposed API revealing user hashes | High | 7.7 |
| CVE-2025-52546 | Stored cross-site scripting (XSS) via floor plan upload | Medium | 5.1 |
| CVE-2025-52547 | Denial-of-service by crashing application services through invalid input | High | 8.7 |
| CVE-2025-52548 | Hidden API enables SSH and Shellinabox for remote OS access | Medium | 6.9 |
| CVE-2025-52549 | Predictable root Linux password generation on each boot | Critical | 9.2 |
| CVE-2025-52550 | Unsigned firmware upgrade packages allow malicious firmware installation | High | 8.6 |
| CVE-2025-52551 | Unauthenticated proprietary protocol permits arbitrary file operations on E2 controllers | Critical | 9.3 |

Remediation and Best Practices

  1. Apply Firmware Updates: Upgrade E3 controllers to version 2.31F01 or later. E2 customers should migrate and update as soon as possible.
  2. Network Segmentation: Isolate controllers on separate networks with strict firewall rules.
  3. Strong Authentication: Replace default accounts, enforce strong passwords, and disable unused remote access features.
  4. Continuous Monitoring: Implement vulnerability scanning and monitor logs for unusual activity.
  5. Incident Response Planning: Develop and test plans to detect, contain, and recover from attacks.
  6. Employee Training: Educate staff on cybersecurity risks and safe practices.
  7. Vendor Collaboration: Work with security researchers and vendors for timely threat intelligence and updates.

By following these steps and installing the patched firmware, organizations can close the Frostbyte10 attack vector and protect critical infrastructure from remote compromise.
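To act on the first remediation step across many sites, an asset inventory can be triaged against the fixed E3 release. The following is an added example, not code from Armis or Copeland: the CSV columns, host names and sample firmware strings are constructed, and the version layout `<major>.<minor>F<build>` is an assumption inferred from the single version string "2.31F01" in this article.

```python
import csv
import io
import re

E3_FIXED = "2.31F01"  # fixed E3 release named in the article
# Assumed layout: <major>.<minor>F<build>; fields compared numerically.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)F(\d+)$", re.IGNORECASE)

def parse_version(text):
    """Return (major, minor, build) as ints, or None if the layout differs."""
    m = _VERSION_RE.match(text.strip())
    return tuple(int(g) for g in m.groups()) if m else None

def triage(row):
    """Classify one inventory row: PATCHED, VULNERABLE, EOL or UNKNOWN."""
    model = row["model"].strip().upper()
    if model == "E2":
        return "EOL"  # end-of-life platform: confirm update, plan migration
    if model != "E3":
        return "UNKNOWN"
    version = parse_version(row["firmware"])
    if version is None:
        return "UNKNOWN"  # unparseable version: needs a manual check
    return "PATCHED" if version >= parse_version(E3_FIXED) else "VULNERABLE"

def triage_inventory(csv_text):
    """Map each host in a CSV inventory (host,model,firmware) to its status."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row["host"]: triage(row) for row in reader}

# Constructed sample inventory; none of these values come from real devices.
SAMPLE = """host,model,firmware
store-014-rack,E3,2.30F03
store-014-hvac,E3,2.31F01
dc-07-cold,E3,2.9F10
dc-07-dock,E3,2.32F00
store-102-legacy,E2,n/a
store-230-rack,E3,unknown
"""

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE).items():
        print(f"{host:20} {status}")
```

The `2.9F10` row shows why the fields are compared as integers: a plain string comparison would rank it above `2.31F01` and wrongly report the device as patched.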


About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.