Sour Grapes: Frostbyte10 Security Flaw Gives Hackers Root Access To Supermarket Freezers

Armis Lab, an intelligence division at cybersecurity firm Armis, has identified 10 security flaws in Copeland software that could allow hackers to gain unauthorized access to critical systems within supermarkets and cold storage facilities.

The security flaws, which the firm dubbed "Frostbyte10", affect Copeland E2 and E3 controllers. These controllers are produced by Copeland, a company that specializes in heating, cooling, and refrigeration services. The controllers are essential for managing critical building and refrigeration systems, such as large freezers, refrigerators, air conditioners, and lighting systems.


Many retail, food, beverage, and logistics businesses rely heavily on these controllers for their daily operations. Armis pointed out that if exploited, these flaws could allow hackers to remotely gain control of a company's refrigeration system, shut down entire systems, or even execute malicious code.

Hackers could then leverage this access to place ransom demands on a company, that could derail its operations. Malicious hackers can be ruthless, as was demonstrated in a ransomware incident that ended the operations of KNP, a 158-year-old transport company in the UK.


Following Armis' disclosure, all 10 vulnerabilities have been patched with an updated Copeland firmware. A major vulnerability patched with the update is tracked as CVE-2025-52545, which details a method that would allow attackers to access confidential password hashes.

Copeland is urging affected organizations to implement the patch on its controllers. The company has also urged businesses still using the outdated E2 controllers to migrate to the E3 platform.