CVE-2025-41742
Sprecher Automation: SPRECON-E series has a critical vulnerability due to the use of static cryptographic keys in system components
In short
Sprecher Automation SPRECON-E devices use fixed, unchangeable encryption keys that attackers can exploit remotely. With these keys, an attacker can read and modify system projects, steal data, and take control of devices without needing a password.
Technical detail
SPRECON-E series controllers contain static, hardcoded cryptographic keys in firmware that can be exploited remotely. An unauthenticated remote attacker can leverage these keys to intercept and modify project configurations, exfiltrate sensitive data, or establish unauthorized remote maintenance sessions, resulting in complete system compromise.
Summary generated and translated by AI from the official description.
Sprecher Automation's SPRECON-E-C, SPRECON-E-P, and SPRECON-E-T3 are vulnerable to attack by an unauthorized remote attacker via default cryptographic keys. The use of these keys allows the attacker to read, modify, and write projects and data, or to access any device via remote maintenance.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Sprecher Automation · SPRECON-E-C
Sprecher Automation · SPRECON-E-P
Sprecher Automation · SPRECON-E-T3