All news with #copeland tag

Copeland OT Controller Flaws Risk Remote Control and Damage

⚠️ Security firm Armis disclosed 10 vulnerabilities, dubbed Frostbyte10, in Copeland LP E2 and E3 controllers used in heating, cooling, and refrigeration that could let attackers disable or remotely control equipment. Copeland issued firmware 2.31F01; organizations should deploy the update promptly to mitigate exposure. Combined flaws can enable unauthenticated remote code execution with root privileges; specific issues include a predictable default admin account (CVE-2025-6519), API endpoints that expose credential hashes, and unauthenticated file operations. Copeland says engineers acted quickly and that there are no known exploits to date.