CVE-2025-41742 PUBLISHED

Sprecher Automation: SPRECON-E series has a critical vulnerability due to the use of static cryptographic keys in system components

Assigner: CERTVDE
Reserved: 16.04.2025 Published: 02.12.2025 Updated: 02.12.2025

Sprecher Automations SPRECON-E-C, SPRECON-E-P, SPRECON-E-T3 is vulnerable to attack by an unauthorized remote attacker via default cryptographic keys. The use of these keys allows the attacker to read, modify, and write projects and data, or to access any device via remote maintenance.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 9.8

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	Sprecher Automation
Product	SPRECON-E-C
Versions	Default: unaffected Version * is affected

Vendor	Sprecher Automation
Product	SPRECON-E-P
Versions	Default: unaffected Version * is affected

Vendor	Sprecher Automation
Product	SPRECON-E-T3
Versions	Default: unaffected Version * is affected

Credits

Sec-Consult Security Labs reporter

References

https://www.sprecher-automation.com/fileadmin/itSecurity/PDF/SPR-2511042_de.pdf

Problem Types

CWE-1394 Use of Default Cryptographic Key CWE