Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
13 vulnerabilities by Sprecher Automation
CVE-2025-41744 (GCVE-0-2025-41744)
Vulnerability from nvd – Published: 2025-12-02 10:38 – Updated: 2025-12-02 16:54- CWE-1394 - Use of Default Cryptographic Key
| URL | Tags |
|---|---|
| https://www.sprecher-automation.com/fileadmin/itS… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Sprecher Automation | SPRECON-E-C |
Affected:
*
|
|
| Sprecher Automation | SPRECON-E-P |
Affected:
*
|
|
| Sprecher Automation | SPRECON-E-T3 |
Affected:
*
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41744",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T16:53:19.163444Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T16:54:47.037Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SPRECON-E-C",
"vendor": "Sprecher Automation",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SPRECON-E-P",
"vendor": "Sprecher Automation",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SPRECON-E-T3",
"vendor": "Sprecher Automation",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sec-Consult Security Labs"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Sprecher Automations SPRECON-E series\u0026nbsp;uses default cryptographic keys that allow an unprivileged remote attacker to access all encrypted communications, thereby compromising confidentiality and integrity."
}
],
"value": "Sprecher Automations SPRECON-E series\u00a0uses default cryptographic keys that allow an unprivileged remote attacker to access all encrypted communications, thereby compromising confidentiality and integrity."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1394",
"description": "CWE-1394 Use of Default Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T10:38:47.489Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.sprecher-automation.com/fileadmin/itSecurity/PDF/SPR-2511043_de.pdf"
}
],
"source": {
"defect": [
"CERT@VDE#641892"
],
"discovery": "UNKNOWN"
},
"title": "Sprecher Automation: SPRECON-E series has static default key material for TLS connections",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41744",
"datePublished": "2025-12-02T10:38:47.489Z",
"dateReserved": "2025-04-16T11:17:48.321Z",
"dateUpdated": "2025-12-02T16:54:47.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41743 (GCVE-0-2025-41743)
Vulnerability from nvd – Published: 2025-12-02 10:38 – Updated: 2025-12-02 16:54- CWE-326 - Inadequate Encryption Strength
| URL | Tags |
|---|---|
| https://www.sprecher-automation.com/fileadmin/itS… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Sprecher Automation | SPRECON-E-C |
Affected:
1.0 , < 9.0
(custom)
|
|
| Sprecher Automation | SPRECON-E-P |
Affected:
1.0 , < 9.0
(custom)
|
|
| Sprecher Automation | SPRECON-E-T3 |
Affected:
1.0 , < 9.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41743",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T16:50:29.885950Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T16:54:38.071Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SPRECON-E-C",
"vendor": "Sprecher Automation",
"versions": [
{
"lessThan": "9.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SPRECON-E-P",
"vendor": "Sprecher Automation",
"versions": [
{
"lessThan": "9.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SPRECON-E-T3",
"vendor": "Sprecher Automation",
"versions": [
{
"lessThan": "9.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sec-Consult Security Labs"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficient encryption strength in Sprecher Automation SPRECON-E-C, SPRECON-E-P, and SPRECON-E-T3 allows a local unprivileged attacker to extract data from update images and thus obtain limited information about the architecture and internal processes."
}
],
"value": "Insufficient encryption strength in Sprecher Automation SPRECON-E-C, SPRECON-E-P, and SPRECON-E-T3 allows a local unprivileged attacker to extract data from update images and thus obtain limited information about the architecture and internal processes."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-326",
"description": "CWE-326 Inadequate Encryption Strength",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T10:38:51.692Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.sprecher-automation.com/fileadmin/itSecurity/PDF/SPR-2511043_de.pdf"
}
],
"source": {
"defect": [
"CERT@VDE#641892"
],
"discovery": "UNKNOWN"
},
"title": "Sprecher Automation: SPRECON-E series prone to weak encryption of update files",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41743",
"datePublished": "2025-12-02T10:38:51.692Z",
"dateReserved": "2025-04-16T11:17:48.321Z",
"dateUpdated": "2025-12-02T16:54:38.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41742 (GCVE-0-2025-41742)
Vulnerability from nvd – Published: 2025-12-02 10:39 – Updated: 2025-12-02 16:54- CWE-1394 - Use of Default Cryptographic Key
| URL | Tags |
|---|---|
| https://www.sprecher-automation.com/fileadmin/itS… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Sprecher Automation | SPRECON-E-C |
Affected:
*
|
|
| Sprecher Automation | SPRECON-E-P |
Affected:
*
|
|
| Sprecher Automation | SPRECON-E-T3 |
Affected:
*
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41742",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T16:53:16.856849Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T16:54:31.534Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SPRECON-E-C",
"vendor": "Sprecher Automation",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SPRECON-E-P",
"vendor": "Sprecher Automation",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SPRECON-E-T3",
"vendor": "Sprecher Automation",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sec-Consult Security Labs"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Sprecher Automations SPRECON-E-C, \u0026nbsp;SPRECON-E-P, SPRECON-E-T3\u0026nbsp;is vulnerable to attack by an unauthorized remote attacker via default cryptographic keys. The use of these keys allows the attacker to read, modify, and write projects and data, or to access any device via remote maintenance."
}
],
"value": "Sprecher Automations SPRECON-E-C, \u00a0SPRECON-E-P, SPRECON-E-T3\u00a0is vulnerable to attack by an unauthorized remote attacker via default cryptographic keys. The use of these keys allows the attacker to read, modify, and write projects and data, or to access any device via remote maintenance."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1394",
"description": "CWE-1394 Use of Default Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T10:39:08.982Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.sprecher-automation.com/fileadmin/itSecurity/PDF/SPR-2511042_de.pdf"
}
],
"source": {
"defect": [
"CERT@VDE#641892"
],
"discovery": "UNKNOWN"
},
"title": "Sprecher Automation: SPRECON-E series has a critical vulnerability due to the use of static cryptographic keys in system components",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41742",
"datePublished": "2025-12-02T10:39:08.982Z",
"dateReserved": "2025-04-16T11:17:48.321Z",
"dateUpdated": "2025-12-02T16:54:31.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-6758 (GCVE-0-2024-6758)
Vulnerability from nvd – Published: 2024-08-12 10:20 – Updated: 2025-08-22 09:00- CWE-266 - Incorrect Privilege Assignment
| URL | Tags |
|---|---|
| https://www.sprecher-automation.com/fileadmin/itS… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Sprecher Automation | SPRECON-E |
Affected:
0 , < < 8.71j
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6758",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-13T20:19:24.737764Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T20:19:35.263Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SPRECON-E",
"vendor": "Sprecher Automation",
"versions": [
{
"lessThan": "\u003c 8.71j",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sprecher Automation"
}
],
"datePublic": "2024-07-17T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Privilege Management\u0026nbsp;in\u0026nbsp;Sprecher Automation SPRECON-E below version 8.71j allows a remote attacker with low privileges to save unauthorized protection assignments."
}
],
"value": "Improper Privilege Management\u00a0in\u00a0Sprecher Automation SPRECON-E below version 8.71j allows a remote attacker with low privileges to save unauthorized protection assignments."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266 Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-22T09:00:03.779Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.sprecher-automation.com/fileadmin/itSecurity/PDF/SPR-2407171_de.pdf"
}
],
"source": {
"advisory": "SPR-2407171",
"defect": [
"CERT@VDE#641665"
],
"discovery": "UNKNOWN"
},
"title": "Improper Privilege Management vulnerability in Sprecher Automation SPRECON-E",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2024-6758",
"datePublished": "2024-08-12T10:20:10.039Z",
"dateReserved": "2024-07-15T13:31:48.338Z",
"dateUpdated": "2025-08-22T09:00:03.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4333 (GCVE-0-2022-4333)
Vulnerability from nvd – Published: 2023-06-01 05:36 – Updated: 2025-01-10 18:44- CWE-798 - Use of Hard-coded Credentials
| Vendor | Product | Version | |
|---|---|---|---|
| Sprecher Automation | SPRECON-E CPU PU243x |
Affected:
all
|
|
| Sprecher Automation | SPRECON-E CPU PU244x |
Affected:
all
|
|
| Sprecher Automation | SPRECON-E CPU MC33/34 |
Affected:
all
|
|
| Sprecher Automation | SPRECON-E CPU SPRECON-EDIR |
Affected:
all
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:34:50.154Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.sprecher-automation.com/fileadmin/itSecurity/PDF/2022-12_Advisories.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4333",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-10T18:44:20.426469Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-10T18:44:30.817Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SPRECON-E CPU PU243x",
"vendor": "Sprecher Automation",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SPRECON-E CPU PU244x",
"vendor": "Sprecher Automation",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SPRECON-E CPU MC33/34",
"vendor": "Sprecher Automation",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SPRECON-E CPU SPRECON-EDIR",
"vendor": "Sprecher Automation",
"versions": [
{
"status": "affected",
"version": "all"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allows an remote attacker to take over the device. These accounts should be deactivated according to Sprecher\u0027s hardening guidelines."
}
],
"value": "Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allows an remote attacker to take over the device. These accounts should be deactivated according to Sprecher\u0027s hardening guidelines."
}
],
"impacts": [
{
"capecId": "CAPEC-21",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-21 Exploitation of Trusted Credentials"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-01T05:36:22.128Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://www.sprecher-automation.com/fileadmin/itSecurity/PDF/2022-12_Advisories.pdf"
}
],
"source": {
"defect": [
"CERT@VDE#64323"
],
"discovery": "UNKNOWN"
},
"title": "Sprecher: Sprecon maintenance access with hardcoded credentials",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-4333",
"datePublished": "2023-06-01T05:36:22.128Z",
"dateReserved": "2022-12-07T11:22:39.639Z",
"dateUpdated": "2025-01-10T18:44:30.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4332 (GCVE-0-2022-4332)
Vulnerability from nvd – Published: 2023-06-01 05:36 – Updated: 2025-01-10 18:43- CWE-20 - Improper Input Validation
| Vendor | Product | Version | |
|---|---|---|---|
| Sprecher Automation | SPRECON-E-C/P/T3 CPU PU244x |
Affected:
all
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:34:50.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.sprecher-automation.com/fileadmin/itSecurity/PDF/2022-12_Advisories.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4332",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-10T18:43:06.738324Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-10T18:43:17.650Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SPRECON-E-C/P/T3 CPU PU244x",
"vendor": "Sprecher Automation",
"versions": [
{
"status": "affected",
"version": "all"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Sprecher Automation SPRECON-E-C/P/T3 CPU in variant PU244x a\u0026nbsp;vulnerable firmware verification has been identified. Through physical access and hardware manipulation, an attacker might be able to bypass hardware-based code verification and thus inject and execute arbitrary code and gain full access of the device."
}
],
"value": "In Sprecher Automation SPRECON-E-C/P/T3 CPU in variant PU244x a\u00a0vulnerable firmware verification has been identified. Through physical access and hardware manipulation, an attacker might be able to bypass hardware-based code verification and thus inject and execute arbitrary code and gain full access of the device."
}
],
"impacts": [
{
"capecId": "CAPEC-533",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-533 Malicious Manual Software Update"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-01T05:36:28.688Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://www.sprecher-automation.com/fileadmin/itSecurity/PDF/2022-12_Advisories.pdf"
}
],
"source": {
"defect": [
"CERT@VDE#64323"
],
"discovery": "UNKNOWN"
},
"title": "Sprecher: Vulnerable firmware verification",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-4332",
"datePublished": "2023-06-01T05:36:28.688Z",
"dateReserved": "2022-12-07T11:22:36.781Z",
"dateUpdated": "2025-01-10T18:43:17.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41742 (GCVE-0-2025-41742)
Vulnerability from cvelistv5 – Published: 2025-12-02 10:39 – Updated: 2025-12-02 16:54- CWE-1394 - Use of Default Cryptographic Key
| URL | Tags |
|---|---|
| https://www.sprecher-automation.com/fileadmin/itS… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Sprecher Automation | SPRECON-E-C |
Affected:
*
|
|
| Sprecher Automation | SPRECON-E-P |
Affected:
*
|
|
| Sprecher Automation | SPRECON-E-T3 |
Affected:
*
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41742",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T16:53:16.856849Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T16:54:31.534Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SPRECON-E-C",
"vendor": "Sprecher Automation",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SPRECON-E-P",
"vendor": "Sprecher Automation",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SPRECON-E-T3",
"vendor": "Sprecher Automation",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sec-Consult Security Labs"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Sprecher Automations SPRECON-E-C, \u0026nbsp;SPRECON-E-P, SPRECON-E-T3\u0026nbsp;is vulnerable to attack by an unauthorized remote attacker via default cryptographic keys. The use of these keys allows the attacker to read, modify, and write projects and data, or to access any device via remote maintenance."
}
],
"value": "Sprecher Automations SPRECON-E-C, \u00a0SPRECON-E-P, SPRECON-E-T3\u00a0is vulnerable to attack by an unauthorized remote attacker via default cryptographic keys. The use of these keys allows the attacker to read, modify, and write projects and data, or to access any device via remote maintenance."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1394",
"description": "CWE-1394 Use of Default Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T10:39:08.982Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.sprecher-automation.com/fileadmin/itSecurity/PDF/SPR-2511042_de.pdf"
}
],
"source": {
"defect": [
"CERT@VDE#641892"
],
"discovery": "UNKNOWN"
},
"title": "Sprecher Automation: SPRECON-E series has a critical vulnerability due to the use of static cryptographic keys in system components",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41742",
"datePublished": "2025-12-02T10:39:08.982Z",
"dateReserved": "2025-04-16T11:17:48.321Z",
"dateUpdated": "2025-12-02T16:54:31.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41743 (GCVE-0-2025-41743)
Vulnerability from cvelistv5 – Published: 2025-12-02 10:38 – Updated: 2025-12-02 16:54- CWE-326 - Inadequate Encryption Strength
| URL | Tags |
|---|---|
| https://www.sprecher-automation.com/fileadmin/itS… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Sprecher Automation | SPRECON-E-C |
Affected:
1.0 , < 9.0
(custom)
|
|
| Sprecher Automation | SPRECON-E-P |
Affected:
1.0 , < 9.0
(custom)
|
|
| Sprecher Automation | SPRECON-E-T3 |
Affected:
1.0 , < 9.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41743",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T16:50:29.885950Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T16:54:38.071Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SPRECON-E-C",
"vendor": "Sprecher Automation",
"versions": [
{
"lessThan": "9.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SPRECON-E-P",
"vendor": "Sprecher Automation",
"versions": [
{
"lessThan": "9.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SPRECON-E-T3",
"vendor": "Sprecher Automation",
"versions": [
{
"lessThan": "9.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sec-Consult Security Labs"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficient encryption strength in Sprecher Automation SPRECON-E-C, SPRECON-E-P, and SPRECON-E-T3 allows a local unprivileged attacker to extract data from update images and thus obtain limited information about the architecture and internal processes."
}
],
"value": "Insufficient encryption strength in Sprecher Automation SPRECON-E-C, SPRECON-E-P, and SPRECON-E-T3 allows a local unprivileged attacker to extract data from update images and thus obtain limited information about the architecture and internal processes."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-326",
"description": "CWE-326 Inadequate Encryption Strength",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T10:38:51.692Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.sprecher-automation.com/fileadmin/itSecurity/PDF/SPR-2511043_de.pdf"
}
],
"source": {
"defect": [
"CERT@VDE#641892"
],
"discovery": "UNKNOWN"
},
"title": "Sprecher Automation: SPRECON-E series prone to weak encryption of update files",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41743",
"datePublished": "2025-12-02T10:38:51.692Z",
"dateReserved": "2025-04-16T11:17:48.321Z",
"dateUpdated": "2025-12-02T16:54:38.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41744 (GCVE-0-2025-41744)
Vulnerability from cvelistv5 – Published: 2025-12-02 10:38 – Updated: 2025-12-02 16:54- CWE-1394 - Use of Default Cryptographic Key
| URL | Tags |
|---|---|
| https://www.sprecher-automation.com/fileadmin/itS… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Sprecher Automation | SPRECON-E-C |
Affected:
*
|
|
| Sprecher Automation | SPRECON-E-P |
Affected:
*
|
|
| Sprecher Automation | SPRECON-E-T3 |
Affected:
*
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41744",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T16:53:19.163444Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T16:54:47.037Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SPRECON-E-C",
"vendor": "Sprecher Automation",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SPRECON-E-P",
"vendor": "Sprecher Automation",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SPRECON-E-T3",
"vendor": "Sprecher Automation",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sec-Consult Security Labs"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Sprecher Automations SPRECON-E series\u0026nbsp;uses default cryptographic keys that allow an unprivileged remote attacker to access all encrypted communications, thereby compromising confidentiality and integrity."
}
],
"value": "Sprecher Automations SPRECON-E series\u00a0uses default cryptographic keys that allow an unprivileged remote attacker to access all encrypted communications, thereby compromising confidentiality and integrity."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1394",
"description": "CWE-1394 Use of Default Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T10:38:47.489Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.sprecher-automation.com/fileadmin/itSecurity/PDF/SPR-2511043_de.pdf"
}
],
"source": {
"defect": [
"CERT@VDE#641892"
],
"discovery": "UNKNOWN"
},
"title": "Sprecher Automation: SPRECON-E series has static default key material for TLS connections",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41744",
"datePublished": "2025-12-02T10:38:47.489Z",
"dateReserved": "2025-04-16T11:17:48.321Z",
"dateUpdated": "2025-12-02T16:54:47.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-6758 (GCVE-0-2024-6758)
Vulnerability from cvelistv5 – Published: 2024-08-12 10:20 – Updated: 2025-08-22 09:00- CWE-266 - Incorrect Privilege Assignment
| URL | Tags |
|---|---|
| https://www.sprecher-automation.com/fileadmin/itS… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Sprecher Automation | SPRECON-E |
Affected:
0 , < < 8.71j
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6758",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-13T20:19:24.737764Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T20:19:35.263Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SPRECON-E",
"vendor": "Sprecher Automation",
"versions": [
{
"lessThan": "\u003c 8.71j",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sprecher Automation"
}
],
"datePublic": "2024-07-17T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Privilege Management\u0026nbsp;in\u0026nbsp;Sprecher Automation SPRECON-E below version 8.71j allows a remote attacker with low privileges to save unauthorized protection assignments."
}
],
"value": "Improper Privilege Management\u00a0in\u00a0Sprecher Automation SPRECON-E below version 8.71j allows a remote attacker with low privileges to save unauthorized protection assignments."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266 Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-22T09:00:03.779Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.sprecher-automation.com/fileadmin/itSecurity/PDF/SPR-2407171_de.pdf"
}
],
"source": {
"advisory": "SPR-2407171",
"defect": [
"CERT@VDE#641665"
],
"discovery": "UNKNOWN"
},
"title": "Improper Privilege Management vulnerability in Sprecher Automation SPRECON-E",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2024-6758",
"datePublished": "2024-08-12T10:20:10.039Z",
"dateReserved": "2024-07-15T13:31:48.338Z",
"dateUpdated": "2025-08-22T09:00:03.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4332 (GCVE-0-2022-4332)
Vulnerability from cvelistv5 – Published: 2023-06-01 05:36 – Updated: 2025-01-10 18:43- CWE-20 - Improper Input Validation
| Vendor | Product | Version | |
|---|---|---|---|
| Sprecher Automation | SPRECON-E-C/P/T3 CPU PU244x |
Affected:
all
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:34:50.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.sprecher-automation.com/fileadmin/itSecurity/PDF/2022-12_Advisories.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4332",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-10T18:43:06.738324Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-10T18:43:17.650Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SPRECON-E-C/P/T3 CPU PU244x",
"vendor": "Sprecher Automation",
"versions": [
{
"status": "affected",
"version": "all"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Sprecher Automation SPRECON-E-C/P/T3 CPU in variant PU244x a\u0026nbsp;vulnerable firmware verification has been identified. Through physical access and hardware manipulation, an attacker might be able to bypass hardware-based code verification and thus inject and execute arbitrary code and gain full access of the device."
}
],
"value": "In Sprecher Automation SPRECON-E-C/P/T3 CPU in variant PU244x a\u00a0vulnerable firmware verification has been identified. Through physical access and hardware manipulation, an attacker might be able to bypass hardware-based code verification and thus inject and execute arbitrary code and gain full access of the device."
}
],
"impacts": [
{
"capecId": "CAPEC-533",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-533 Malicious Manual Software Update"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-01T05:36:28.688Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://www.sprecher-automation.com/fileadmin/itSecurity/PDF/2022-12_Advisories.pdf"
}
],
"source": {
"defect": [
"CERT@VDE#64323"
],
"discovery": "UNKNOWN"
},
"title": "Sprecher: Vulnerable firmware verification",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-4332",
"datePublished": "2023-06-01T05:36:28.688Z",
"dateReserved": "2022-12-07T11:22:36.781Z",
"dateUpdated": "2025-01-10T18:43:17.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4333 (GCVE-0-2022-4333)
Vulnerability from cvelistv5 – Published: 2023-06-01 05:36 – Updated: 2025-01-10 18:44- CWE-798 - Use of Hard-coded Credentials
| Vendor | Product | Version | |
|---|---|---|---|
| Sprecher Automation | SPRECON-E CPU PU243x |
Affected:
all
|
|
| Sprecher Automation | SPRECON-E CPU PU244x |
Affected:
all
|
|
| Sprecher Automation | SPRECON-E CPU MC33/34 |
Affected:
all
|
|
| Sprecher Automation | SPRECON-E CPU SPRECON-EDIR |
Affected:
all
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:34:50.154Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.sprecher-automation.com/fileadmin/itSecurity/PDF/2022-12_Advisories.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4333",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-10T18:44:20.426469Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-10T18:44:30.817Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SPRECON-E CPU PU243x",
"vendor": "Sprecher Automation",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SPRECON-E CPU PU244x",
"vendor": "Sprecher Automation",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SPRECON-E CPU MC33/34",
"vendor": "Sprecher Automation",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SPRECON-E CPU SPRECON-EDIR",
"vendor": "Sprecher Automation",
"versions": [
{
"status": "affected",
"version": "all"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allows an remote attacker to take over the device. These accounts should be deactivated according to Sprecher\u0027s hardening guidelines."
}
],
"value": "Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allows an remote attacker to take over the device. These accounts should be deactivated according to Sprecher\u0027s hardening guidelines."
}
],
"impacts": [
{
"capecId": "CAPEC-21",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-21 Exploitation of Trusted Credentials"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-01T05:36:22.128Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://www.sprecher-automation.com/fileadmin/itSecurity/PDF/2022-12_Advisories.pdf"
}
],
"source": {
"defect": [
"CERT@VDE#64323"
],
"discovery": "UNKNOWN"
},
"title": "Sprecher: Sprecon maintenance access with hardcoded credentials",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-4333",
"datePublished": "2023-06-01T05:36:22.128Z",
"dateReserved": "2022-12-07T11:22:39.639Z",
"dateUpdated": "2025-01-10T18:44:30.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-201802-1343
Vulnerability from variot - Updated: 2022-05-17 01:45Sprecher Automation GmbH provides switching equipment and automation solutions for energy, industrial and infrastructure construction. Power facilities, industries, transportation companies, municipal utilities and public institutions are all customers. (1) The authentication path traversal vulnerability exists in the web interface of Sprecher PLC. Allow authenticated users to read target system files. (2) Sprecher Automation SPRECON-E-C, PU-2433 client has a password hashing vulnerability. Since the hash of the password is calculated on the browser side, the hash of the password can also be used for login. (3) Sprecher Automation SPRECON-E-C, PU-2433 There is an unauthorized access vulnerability in the Telnet management service. Because the PLC is open telnet management service on TCP/2048 port. This interface can be used to control the PLC without any authentication. (4) Sprecher Automation SPRECON-E-C, PU-2433 has a denial of service vulnerability. A positive TCP SYN scan of a large number of ports triggers a PLC denial of service. Causes DOS attacks. Manual intervention is required to restore service availability. (5) Sprecher Automation SPRECON-E-C, PU-2433 has an old kernel vulnerability. Because the Linux kernel version of the PLC operating system is too old. Lead to a large number of known security vulnerabilities, potential security risks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201802-1343",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sprecon-e-c pu-2433",
"scope": "lt",
"trust": 0.6,
"vendor": "sprecher automation",
"version": "8.49"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sprecher automation",
"version": "*"
},
{
"model": "automation sprecon-e-c pu-2433",
"scope": "lt",
"trust": 0.2,
"vendor": "sprecher",
"version": "8.49"
}
],
"sources": [
{
"db": "IVD",
"id": "e2e35191-39ab-11e9-9ac8-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-02693"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-02693",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e2e35191-39ab-11e9-9ac8-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2018-02693",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e2e35191-39ab-11e9-9ac8-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2e35191-39ab-11e9-9ac8-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-02693"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sprecher Automation GmbH provides switching equipment and automation solutions for energy, industrial and infrastructure construction. Power facilities, industries, transportation companies, municipal utilities and public institutions are all customers. (1) The authentication path traversal vulnerability exists in the web interface of Sprecher PLC. Allow authenticated users to read target system files. (2) Sprecher Automation SPRECON-E-C, PU-2433 client has a password hashing vulnerability. Since the hash of the password is calculated on the browser side, the hash of the password can also be used for login. (3) Sprecher Automation SPRECON-E-C, PU-2433 There is an unauthorized access vulnerability in the Telnet management service. Because the PLC is open telnet management service on TCP/2048 port. This interface can be used to control the PLC without any authentication. (4) Sprecher Automation SPRECON-E-C, PU-2433 has a denial of service vulnerability. A positive TCP SYN scan of a large number of ports triggers a PLC denial of service. Causes DOS attacks. Manual intervention is required to restore service availability. (5) Sprecher Automation SPRECON-E-C, PU-2433 has an old kernel vulnerability. Because the Linux kernel version of the PLC operating system is too old. Lead to a large number of known security vulnerabilities, potential security risks",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02693"
},
{
"db": "IVD",
"id": "e2e35191-39ab-11e9-9ac8-000c29342cb1"
}
],
"trust": 0.72
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-02693",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2E35191-39AB-11E9-9AC8-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2e35191-39ab-11e9-9ac8-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-02693"
}
]
},
"id": "VAR-201802-1343",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2e35191-39ab-11e9-9ac8-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-02693"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2e35191-39ab-11e9-9ac8-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-02693"
}
]
},
"last_update_date": "2022-05-17T01:45:10.750000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Sprecher AutomationSPRECON-E-C, PU-2433 patch with multiple vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/115605"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02693"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "http://seclists.org/fulldisclosure/2018/jan/101?utm_source=feedburner\u0026utm_medium=twitter\u0026utm_campaign=feed%3a+seclists%2ffulldisclosure+%28full+disclosure%29"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02693"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2e35191-39ab-11e9-9ac8-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-02693"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-02T00:00:00",
"db": "IVD",
"id": "e2e35191-39ab-11e9-9ac8-000c29342cb1"
},
{
"date": "2018-02-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-02693"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-02693"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in Sprecher AutomationSPRECON-E-C, PU-2433",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02693"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "IVD",
"id": "e2e35191-39ab-11e9-9ac8-000c29342cb1"
}
],
"trust": 0.2
}
}