Sprecher Automation: SPRECON-E series has static default key material for...

9.1 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Description

Sprecher Automations SPRECON-E series uses default cryptographic keys that allow an unprivileged remote attacker to access all encrypted communications, thereby compromising confidentiality and integrity.

AI Analysis

Default cryptographic keys allow unprivileged remote access to encrypted communications, compromising confidentiality and integrity.

Basic Information

ID CVE-2025-41744

Source CERTVDE

Published Dec 2, 2025 at 10:38

Affected Product

Vendor Sprecher Automation

Product SPRECON-E-C

Version *

Affected Versions Sprecher Automation SPRECON-E-C *
Sprecher Automation SPRECON-E-P *
Sprecher Automation SPRECON-E-T3 *

CWE Classification

CWE-1394

AI Assessment

AI Score 9.1 / 10

AI Severity Critical

Vendor Sprecher Automation

Product SPRECON-E series

Version *

References

www.sprecher-automation.com /fileadmin/itSecurity/PDF/SPR-2511043_de.pdf

{
    "lastseen": "",
    "description": "Sprecher Automations SPRECON-E series\u00a0uses default cryptographic keys that allow an unprivileged remote attacker to access all encrypted communications, thereby compromising confidentiality and integrity.",
    "published": "2025-12-02T10:38:47.489Z",
    "modified": "2025-12-02T10:38:47.489Z",
    "type": "cve",
    "title": "Sprecher Automation: SPRECON-E series has static default key material for TLS connections",
    "source": "CERTVDE",
    "references": "https://www.sprecher-automation.com/fileadmin/itSecurity/PDF/SPR-2511043_de.pdf",
    "id": "CVE-2025-41744",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1394"
    ],
    "cvelist": null,
    "sourceData": "Sprecher Automation SPRECON-E-C *\nSprecher Automation SPRECON-E-P *\nSprecher Automation SPRECON-E-T3 *",
    "sourceHref": "",
    "cvss": {
        "score": 9.1,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SPRECON-E-C",
    "version": "*",
    "vendor": "Sprecher Automation",
    "ai_description": "Default cryptographic keys allow unprivileged remote access to encrypted communications, compromising confidentiality and integrity.",
    "ai_severity": "Critical",
    "ai_vendor": "Sprecher Automation",
    "ai_product": "SPRECON-E series",
    "ai_version": "*",
    "ai_score": 9.1
}

Sprecher Automation: SPRECON-E series has static default key material for TLS connections_CVE-2025-41744