Home

Description

Insufficient encryption strength in Sprecher Automation SPRECON-E-C, SPRECON-E-P, and SPRECON-E-T3 allows a local unprivileged attacker to extract data from update images and thus obtain limited information about the architecture and internal processes.

PUBLISHED Reserved 2025-04-16 | Published 2025-12-02 | Updated 2025-12-02 | Assigner CERTVDE




MEDIUM: 4.0CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Problem types

CWE-326 Inadequate Encryption Strength

Product status

Default status
unaffected

1.0 (custom) before 9.0
affected

Default status
unaffected

1.0 (custom) before 9.0
affected

Default status
unaffected

1.0 (custom) before 9.0
affected

Credits

Sec-Consult Security Labs reporter

References

www.sprecher-automation.com/...curity/PDF/SPR-2511043_de.pdf vendor-advisory

cve.org (CVE-2025-41743)

nvd.nist.gov (CVE-2025-41743)

Download JSON