6.8
CVE-2022-4332
- EPSS 0.34%
- Veröffentlicht 01.06.2023 06:15:09
- Zuletzt bearbeitet 21.11.2024 07:35:04
- Quelle info@cert.vde.com
- CVE-Watchlists
- Unerledigt
LoginSprecher: Vulnerable firmware verification
In Sprecher Automation SPRECON-E-C/P/T3 CPU in variant PU244x a vulnerable firmware verification has been identified. Through physical access and hardware manipulation, an attacker might be able to bypass hardware-based code verification and thus inject and execute arbitrary code and gain full access of the device.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Sprecher-automation ≫ Sprecon-e-p Dq6-1 Firmware Version-
Sprecher-automation ≫ Sprecon-e-p Dl6-1 Firmware Version-
Sprecher-automation ≫ Sprecon-e-p Ds6-0 Firmware Version-
Sprecher-automation ≫ Sprecon-e-c Firmware Version-
Sprecher-automation ≫ Sprecon-e-t3 Firmware Version-
Sprecher-automation ≫ Sprecon-e-tc Ax-3110 Firmware Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.34% | 0.252 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| info@cert.vde.com | 6.8 | 0.9 | 5.9 |
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
https://www.sprecher-automation.com/fileadmin/itSecurity/PDF/2022-12_Advisories.pdf