Breaking the core of the supply chain: 10 vulnerabilities in Copeland industrial refrigerators.
Last month, security researchers Shaul Garbuz and Alon Cohen published ten vulnerabilities in Copeland E2 and E3 controllers, which are used to manage critical building and refrigeration systems, including compressor groups, condensers, walk-in units, HVAC, and lighting systems.
Although we don’t have many details about how the research was conducted, the findings suggest that it involved hardware and firmware analysis of the devices.
The ONEDAY account’s predictable password actually has an explanation - customers had asked the vendor for repeatable passwords to make remote contractor access easier. This “feature” currently has a CVSS score of 9.3.
More details:
Frostbyte10: How To Mitigate Ten Vulnerabilities Impacting Mission-Critical Equipment [PDF]: https://media.armis.com/rp-frostbyte10-executive-summary-en.pdf
Frostbyte10 bugs put thousands of refrigerators at major grocery chains at risk [The Register]: https://www.theregister.com/2025/09/02/frostbyte10_copeland_controller_bugs/
Technical bulletin Copeland [PDF]: https://media.copeland.com/def1ec89-6cff-4002-bc0f-b16d0036ed5f/026-4129%20E2%20Standard%20and%20E2%20Enhanced%20Feature%20Comparison.pdf


