Subj : Supermarket freezers and other food storage could have been hacke To : All From : TechnologyDaily Date : Wed Sep 03 2025 15:30:09 Supermarket freezers and other food storage could have been hacked following flaws discovery Date: Wed, 03 Sep 2025 14:14:00 +0000 Description: Security researchers found 10 flaws in popular electronic control systems and collectively named them Frostbyte10. FULL STORY ======================================================================Ten bugs were found in E2 and E3 Copeland controllers Copeland released a fix with a firmware update When combined, the flaws can lead to remote code execution Two Copeland controllers, electronic control systems used in refrigerators and HVAC applications, were carrying almost a dozen vulnerabilities that could have been exploited for privilege escalation and remote code execution (RCE), putting thousands of companies at all sorts of risks. E2 and E3 Copeland controllers are designed to manage temperature, energy use, and system performance. Theyre commonly found in supermarkets, convenience stores, and foodservice operations and apparently, they are quite popular in the United States. Recently, security researchers from the operational technology security firm Armis found a total of 10 vulnerabilities, and collectively named them Frostbyte10. They reported their findings to Copeland, which issued a firmware update to address the flaws and mitigate potential risks. According to The Register, Copeland has a presence in more than 40 countries, with giants such as Kroger, Albertsons, and Whole Foods, being among its customers. It reported $4.75 billion in revenue in 2024. Firmware update Of the two controllers, E2 reached end-of-life in October, the publication added, but Copeland still issued a firmware update. Users are advised to upgrade to the newest model - E3 - and to make sure theyre running firmware version 2.31F01, at least. The US Cybersecurity and Infrastructure Security Agency (CISA) is expected to issue an advisory about these flaws as well, but it wasnt published by press time. Still, CISA said combining the problems can result in unauthenticated remote code execution with root privileges, The Register noted. So far, Armis seems to be the first one to discover the flaws, as there is no evidence that any of them had been abused in the wild before. However, if businesses dont patch their devices up, they will remain vulnerable to widely known, publicized flaws. Many threat actors intentionally wait for someone else to discover the flaws, betting that most firms dont apply the fixes on time. Via The Register You might also like Thousands of industrial systems, including power grids and traffic lights, found exposed online Take a look at our guide to the best authenticator app We've rounded up the best password managers ====================================================================== Link to news story: https://www.techradar.com/pro/security/supermarket-freezers-and-other-food-sto rage-could-have-been-hacked-following-flaws-discovery --- Mystic BBS v1.12 A49 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .