PT-2023-14192 · Sprecher Automation · Sprecon-E Cpu

Published

2023-06-01

Updated

2023-06-09

CVE-2022-4333

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Sprecher Automation SPRECON-E CPU variants (affected versions not specified)

Description The issue concerns hardcoded credentials in multiple SPRECON-E CPU variants of Sprecher Automation, allowing a remote attacker to take over the device. To mitigate this, it is recommended to deactivate these accounts according to Sprecher's hardening guidelines.

Recommendations Deactivate the hardcoded credential accounts according to Sprecher's hardening guidelines to prevent remote attackers from taking over the device. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798

Related Identifiers

CVE-2022-4333

Affected Products

Sprecon-E Cpu

PT-2023-14192 · Sprecher Automation · Sprecon-E Cpu

CVE-2022-4333

Weakness Enumeration

Related Identifiers

Affected Products

References · 4