Description

Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allows an remote attacker to take over the device. These accounts should be deactivated according to Sprecher's hardening guidelines.

Related CPE's

o

sprecher-automation

sprecon-e-p_dq6-1_firmware

-

Vulnerable

h

sprecher-automation

sprecon-e-p_dq6-1

-

o

sprecher-automation

sprecon-e-p_dl6-1_firmware

-

Vulnerable

h

sprecher-automation

sprecon-e-p_dl6-1

-

o

sprecher-automation

sprecon-e-p_ds6-0_firmware

-

Vulnerable

h

sprecher-automation

sprecon-e-p_ds6-0

-

o

sprecher-automation

sprecon-e-c_firmware

-

Vulnerable

h

sprecher-automation

sprecon-e-c

-

o

sprecher-automation

sprecon-e-t3_firmware

-

Vulnerable

h

sprecher-automation

sprecon-e-t3

-

o

sprecher-automation

sprecon-e-tc_ax-3110_firmware

-

Vulnerable

h

sprecher-automation

sprecon-e-tc_ax-3110

-

o

sprecher-automation

sprecon-e_ap-2200_firmware

-

Vulnerable

h

sprecher-automation

sprecon-e_ap-2200

-

o

sprecher-automation

sprecon-e_cp-2131_firmware

-

Vulnerable

h

sprecher-automation

sprecon-e_cp-2131

-

o

sprecher-automation

sprecon-e_cp-2330_firmware

-

Vulnerable

h

sprecher-automation

sprecon-e_cp-2330

-

References

https://www.sprecher-automation.com/fileadmin/itSecurity/PDF/2022-12_Advisories.pdf

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-798

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 · Critical

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2023-06-01T06:15:13.070

1 year ago

Last modified

2023-06-09T18:23:32.447

1 year ago