CVE-2025-52551

Summary

E2 Facility Management Systems use a proprietary protocol that allows for unauthenticated file operations on any file in the file system.

Affected Software

VendorProductVersion RangeStatus
Copeland LPE2 Facility Management System0 <= <=4.11F02affected

Weaknesses

  • CWE-306: CWE-306 Missing Authentication for Critical Function

Workarounds

Restrict access to the E2 Facilities Management System ethernet network interface by use of restricted VLAN or subnet and / or network firewall. Ensure the restricted VLAN or subnet is never accessible from untrusted networks.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References