Sprecher: Sprecon maintenance access with hardcoded credentials
CVE-2022-4333

9.8 CRITICAL

What is CVE-2022-4333?

Multiple variants of the SPRECON-E CPU from Sprecher Automation contain hardcoded credentials. This allows remote attackers to potentially take control of the devices. Users should deactivate the affected accounts as described in Sprecher's hardening guidelines to mitigate the risk.

Affected Version(s)

SPRECON-E CPU MC33/34 all

SPRECON-E CPU PU243x all

SPRECON-E CPU PU244x all

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
