Home

Description

Sprecher Automations SPRECON-E-C,  SPRECON-E-P, SPRECON-E-T3 is vulnerable to attack by an unauthorized remote attacker via default cryptographic keys. The use of these keys allows the attacker to read, modify, and write projects and data, or to access any device via remote maintenance.

PUBLISHED Reserved 2025-04-16 | Published 2025-12-02 | Updated 2025-12-02 | Assigner CERTVDE




CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-1394 Use of Default Cryptographic Key

Product status

Default status
unaffected

*
affected

Default status
unaffected

*
affected

Default status
unaffected

*
affected

Credits

Sec-Consult Security Labs reporter

References

www.sprecher-automation.com/...curity/PDF/SPR-2511042_de.pdf vendor-advisory

cve.org (CVE-2025-41742)

nvd.nist.gov (CVE-2025-41742)

Download JSON