9.8
CVE-2022-4333
- EPSS 0.85%
- Veröffentlicht 01.06.2023 06:15:13
- Zuletzt bearbeitet 21.11.2024 07:35:04
- Quelle info@cert.vde.com
- CVE-Watchlists
- Unerledigt
LoginSprecher: Sprecon maintenance access with hardcoded credentials
Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allows an remote attacker to take over the device. These accounts should be deactivated according to Sprecher's hardening guidelines.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Sprecher-automation ≫ Sprecon-e-p Dq6-1 Firmware Version-
Sprecher-automation ≫ Sprecon-e-p Dl6-1 Firmware Version-
Sprecher-automation ≫ Sprecon-e-p Ds6-0 Firmware Version-
Sprecher-automation ≫ Sprecon-e-c Firmware Version-
Sprecher-automation ≫ Sprecon-e-t3 Firmware Version-
Sprecher-automation ≫ Sprecon-e-tc Ax-3110 Firmware Version-
Sprecher-automation ≫ Sprecon-e Ap-2200 Firmware Version-
Sprecher-automation ≫ Sprecon-e Cp-2131 Firmware Version-
Sprecher-automation ≫ Sprecon-e Cp-2330 Firmware Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.85% | 0.534 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| info@cert.vde.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-798 Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.
https://www.sprecher-automation.com/fileadmin/itSecurity/PDF/2022-12_Advisories.pdf