Slashdot
Follow
Frostbyte10 Bugs Put Thousands of Refrigerators At Major Grocery Chains At Risk
Ten vulnerabilities, collectively named Frostbyte10, were discovered in Copeland E2 and E3 controllers. These controllers manage critical refrigeration and building systems in numerous supermarket and cold storage facilities globally. Exploiting these flaws could allow unauthorized access to manipulate temperatures, potentially spoiling food and medicine and causing significant supply chain disruptions. Three of the vulnerabilities received critical severity ratings. The vulnerabilities were found by operational technology security firm Armis and reported to Copeland. Copeland has since released firmware updates to address these security issues for both E2 and E3 controllers. Customers with E2 controllers, which have reached their end-of-life, are advised to upgrade to the newer E3 platform. The US Cybersecurity and Infrastructure Security Agency (CISA) is also issuing advisories urging immediate patching. While there is no evidence these vulnerabilities were exploited before fixes were released, the widespread use of these controllers makes them an attractive target for cybercriminals.