Privilege Escalation Vulnerability in Sprecher Automation SPRECON-E Service Program
CVE-2016-10041

7.5HIGH

Key Information:

Vendor

Sprecher-automation

Status
Sprecon-e Service Program
Vendor
CVE Published:
25 December 2016

What is CVE-2016-10041?

An issue found in Sprecher Automation's SPRECON-E Service Program prior to version 3.43 SP0 enables non-admin users to execute telegram simulations. The exploitation requires specific conditions: a user must have established a valid online connection and authenticated as an administrator while executing telegram simulation. If the admin closes the online connection without terminating the session, the improper caching of client data allows other non-admin users to perform telegram simulations through the already running software instance. To successfully exploit this vulnerability, an attacker must possess a valid engineering account within the SPRECON Role-Based Access Control (RBAC) system and access to a service or maintenance computer running the SPRECON-E Service Program.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/bid/95296
vdb-entryx_refsource_BID
https://www.sprecher-automation.com/en/it-security/
x_refsource_CONFIRM

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.