Description

In Sprecher Automation SPRECON-E-C/P/T3 CPU in variant PU244x a vulnerable firmware verification has been identified. Through physical access and hardware manipulation, an attacker might be able to bypass hardware-based code verification and thus inject and execute arbitrary code and gain full access of the device.

Related CPE's

o

sprecher-automation

sprecon-e-p_dq6-1_firmware

-

Vulnerable

h

sprecher-automation

sprecon-e-p_dq6-1

-

o

sprecher-automation

sprecon-e-p_dl6-1_firmware

-

Vulnerable

h

sprecher-automation

sprecon-e-p_dl6-1

-

o

sprecher-automation

sprecon-e-p_ds6-0_firmware

-

Vulnerable

h

sprecher-automation

sprecon-e-p_ds6-0

-

o

sprecher-automation

sprecon-e-c_firmware

-

Vulnerable

h

sprecher-automation

sprecon-e-c

-

o

sprecher-automation

sprecon-e-t3_firmware

-

Vulnerable

h

sprecher-automation

sprecon-e-t3

-

o

sprecher-automation

sprecon-e-tc_ax-3110_firmware

-

Vulnerable

h

sprecher-automation

sprecon-e-tc_ax-3110

-

References

https://www.sprecher-automation.com/fileadmin/itSecurity/PDF/2022-12_Advisories.pdf

MitigationVendor Advisory

Weaknesses

[email protected]

Primary
NVD-CWE-noinfo

[email protected]

Secondary
CWE-20

CVSS impact metrics

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2023-06-01T06:15:09.877

1 year ago

Last modified

2023-06-09T15:51:18.877

1 year ago