{“lastseen”:”2026-06-22T20:09:02″,”description”:”Sprecher Automation SPRECON-E-C\/-E-P\/-E-T3 leaks the firmware signing private key, is missing a secure-boot mechanism, has unencrypted flash memory, use of static passwords, and hard-coded vendor accounts…”,”published”:”2026-06-22T00:00:00″,”modified”:”2026-06-22T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Sprecher Automation SPRECON-E-C\/-E-P\/-E-T3 Missing Secure-Boot \/ Static Passwords”,”source”:””,”references”:””,”id”:”PACKETSTORM:223999″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2022-4332″,”CVE-2022-4333″,”CVE-2025-41741″,”CVE-2025-41742″,”CVE-2025-41743″,”CVE-2025-41744″],”sourceData”:”SEC Consult Vulnerability Lab Security Advisory \\u003c 20260617-0 \\u003e\\n =======================================================================\\n title: Multiple Critical Vulnerabilities\\n product: Sprecher Automation SPRECON-E-C\/-E-P\/-E-T3\\n \u00a0vulnerable version: See vulnerable versions below\\n fixed version: See solution section below\\n \u00a0 \u00a0 \u00a0 \u00a0 \u00a0CVE number: CVE-2022-4333, CVE-2022-4332, CVE-2025-41741,\\n \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 CVE-2025-41742, CVE-2025-41743, CVE-2025-41744\\n \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0impact: critical\\n homepage:https:\/\/www.sprecher-automation.com\/\\n \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 found: 2022-08-26\\n by: Steffen Robertz\\n Christian Hager (Office Vienna)\\n SEC Consult Vulnerability Lab\\n \\n An integrated part of SEC Consult, an Atos business\\n Europe | Asia\\n \\n https:\/\/www.sec-consult.com\\n =======================================================================\\n \\n Vendor description:\\n ——————-\\n \\”Sprecher Automation provides products and solutions for power supply\\n and process automation. We secure critical infrastructures and optimise\\n complex energy and industry processes. […]\\n Quality, availability and security \u2013 those are not only our customers’s\\n requirements, but also goals we are striving for. Due to that, for example,\\n the hard- and software development are located in Austria and Germany.\\n We produce exclusively in Austria \u2013 starting with the production of\\n single elements, to system checks and practical inhouse testing.\\”\\n \\n Source:https:\/\/www.sprecher-automation.com\/en\/company\\n \\n \\n Business recommendation:\\n ————————\\n The vendor provides updated versions as well as workaround information in\\n their security advisories. Users should verify whether the patches are\\n installed already, otherwise patch immediately.\\n \\n SEC Consult highly recommends to perform a thorough security review of\\n the product conducted by security professionals to identify and resolve\\n potential further security issues.\\n \\n \\n Vulnerability overview\/description:\\n ———————————–\\n 1) Leak of Firmware Signing Private Key (CVE-2025-41741)\\n Sprecher signs its firmware update files to prevent an attacker from\\n loading manipulated update files. However, each PLC contains the\\n globally valid private signing key, as it is also used to sign backups.\\n An attacker, who obtains the key is able to ship validly signed,\\n modified firmware updates.\\n \\n The security vulnerability has been resolved in firmware version 9 and\\n above. Further details can be found in the advisory of the vendor. In\\n previous versions the affected feature can be deactivated by the customer.\\n The stated key can only be used in conjunction with the backup feature.\\n Affected products: SPRECON-E-C\/-E-P\/-E CPU Modul\\n \\n 2) Missing Secure-Boot Mechanism (CVE-2022-4332)\\n The PLC is able to detect secure boot violations correctly. However,\\n the events are not handled properly. They only output a warning to the\\n boot log, but do not prevent the device’s operation. Thus, anybody with\\n physical access to the device can modify the firmware and potentially\\n include backdoors.\\n \\n The security vulnerability has been resolved in firmware version 8.71a and\\n above, as well as 8.64m. Further details can be found in the advisory\\n of the vendor. In current and previous versions the affected feature can be\\n deactivated by the customer.\\n Affected products: SPRECON-E-C\/-E-P\/-E\\n \\n 3) Unencrypted External Flash Memory (CVE-2022-4332)\\n The external flash memory can be dumped using tools such as the Xgecu\\n T56. This allows an attacker with physical access to read all files and\\n thus gain knowledge about sensitive files such as passwords and private\\n keys.\\n \\n The security vulnerability has been resolved in firmware version 9 and above.\\n Further details can be found in the advisory of the vendor. In current and\\n previous versions the affected feature can be deactivated by the customer.\\n Affected products: SPRECON-E-C\/-E-P\/-E-T3\\n \\n 4) Usage of static passwords (CVE-2025-41742)\\n Various static passwords \/ key material can be discovered in the firmware.\\n They serve different use cases, such as hard-coded user accounts, as well as\\n encryption for settings and configuration files. This allows an attacker\\n to decrypt configuration files, modify them and properly encrypt them\\n again.\\n \\n According to the vendor, the documented static identity string does not serve\\n a security purpose in the system and is used as an identifier for maintenance.\\n Using the default identifier can lead to the targeted system being misidentified\\n during maintenance.\\n Affected products: SPRECON-E-C\/-E-P\/-E-T3\\n \\n 5) Hard-coded Vendor Accounts (CVE-2022-4333)\\n Two hard-coded vendor accounts were revealed in the devices. These\\n accounts are shipped with every update file and can be used by the\\n vendor e.g. for support access.\\n \\n These documented accounts can be activated or deactivated in the configuration.\\n These accounts are additionally secured with 2FA in firmware version 8.71g.\\n Affected products: SPRECON-E-C\/-E-P\/-E-T3\\n \\n 6) Decrypt Firmware Update Files (CVE-2025-41743)\\n Firmware update files include hard-coded accounts from vulnerability 5 and\\n can be decrypted using an XOR algorithm and a static password. This\\n allows an attacker to further analyze PLC components as well as gaining\\n knowledge of private keys and hard-coded accounts without requiring\\n physical access to any device.\\n \\n The signature and encryption mechanism have been modified and the security\\n vulnerability has been resolved in version 8.71 and above. Further details\\n can be found in the advisory of the vendor.\\n Affected products: SPRECON-E-C\/-E-P\/-E-T3\\n \\n 7) Insecure Transport Encryption (CVE-2025-41744)\\n The PLC’s webserver and the connection to the Sprecher Engineering Center\\n software use the same static default key on all devices. An attacker who gains\\n access to the private key via vulnerability 3 or 6 can thus decrypt all\\n traffic in a man-in-the-middle position. Thus, an attacker would be\\n able to change configurations and read connection passwords.\\n \\n According to the vendor, those certificates are only used during initial\\n commissioning and users can find further information to change the certificates\\n in the documentation\/guideline \\”SPRECON Grundh\u00e4rtung\\” (basic hardening).\\n The vendor’s hardening guide makes it clear that it is both possible and\\n recommended to change the default certificate.\\n Documentation: 94.2.913.50en SPRECON Basic Hardening\\n \\n \\n Proof of concept:\\n —————–\\n 1) Leak of Firmware Signing Private Key (CVE-2025-41741)\\n Backups are restored by the same command flow as regular update files.\\n Thus, backups need to be validly signed as well. For this, Sprecher’s\\n private key is required. The following openssl command signs the\\n created backup:\\n \\n “`\\n openssl dgst -sha256 -sign ${SSM_CERT}\/.backup.key -passinfile:${SSM_CERT}\/.pass -out\\n ${SSM_SECURE_DIR}\/image.sha256 ${SSM_SECURE_DIR}\/image.zip 2\\u003e\/dev\/null\\n “`\\n \\n The private key and password are both stored in the same filesystem and\\n can be obtained via the decrypted firmware update file (vulnerability 6)\\n or the unencrypted flash memory (vulnerability 3).\\n \\n \\n 2) Missing Secure-Boot Mechanism (CVE-2022-4332)\\n The main SoC of the SPRECON E-C-94 is an i.MX6. The board does not fully\\n enable High-Assurance Boot (HAB). Thus, the firmware and bootloader can\\n be modified. The modification is detected, however, since secure boot is\\n not fully enabled, the violation will not be handled. The following boot\\n log can be seen on the device’s service connector (X6). The first\\n bootline was manipulated to include the string \\”SECTEST\\”.\\n \\n “`\\n REL_UBOOT_SECTEST_2015_07_RC7 SPL (Mar 11 2022 – 10:55:26)\\n Booting from SPI\\n Image Entry Point: 0x17800000\\n Image Load Address: 0x177FFFC0\\n Image Size: 0x48000\\n Authenticate image from DDR location 0x177fffc0…\\n Authenticated Image Size = 0x46000\\n Load Addr = 0x17800000\\n HAB not enabled\\n U-Boot Authentication Successful\\n […]\\n Authenticate image from DDR location 0x12000000…\\n Authenticated Image Size = 0x7bc000\\n HAB not enabled\\n HAB Configuration: 0xf0, HAB State: 0x66\\n ——— HAB Event 1 —————–\\n […]\\n zImage Authentication Successful\\n “`\\n \\n 3) Unencrypted External Flash Memory (CVE-2022-4332)\\n The main memory is a BGA153 eMMC flash memory. Thus, it can be read by\\n multiple tools such as the Xgecu T56. By dumping its contents, an\\n attacker can extract password hashes from the `\/etc\/passwd` or\\n `\/etc\/shadow` file and gain access to the private key from\\n vulnerability 1.\\n \\n \\n 4) Usage of static passwords (CVE-2025-41742)\\n \u00a0 \u00a0 4.1) Static Passwords in Sprecher Engineering Studio\\n \\t\\t Two different passwords can be used to call an internal function.\\n This can be seen in following code snippet:\\n \\t\\t\\n \\t\\t “`\\n \\t\\t iVar3 = _strcmp(local_28,\\”**redacted**\\”);\\n \\t\\t if (((iVar3 == 0) || (iVar3 = _strcmp(local_28,\\”**redacted**\\”), iVar3 == 0)) ||(iVar3 = _strcmp(local_28,\\”**redacted**\\”), iVar3 == 0)) {\\n \\t\\t \\tFUN_10001780(local_28,0x20,\\”XXX\\”);\\n \\t\\t }\\n \\t\\t “`\\n \\t\\t\\n \\t\\t Unfortunately, we were not able to fully determine the use case of\\n these credentials.\\n \\t\\n \\t4.2) Static Passwords in Sprecher Engineering Studio Configuration files\\n \\t\\t When exporting configurations from the Engineering Studio, a .sprXecz\\n \\t\\t file will be created. It is encrypted using a static password.\\n \\n \\t4.3) Webserver Settings Export\\n \\t\\t The webserver exports its settings as .jzp file. However, this\\n \\t\\t is just a renamed .zip file which uses a static password.\\n \\n \\t4.4) OpenVPN and IPSEC Settings Export\/Import\\n \\t\\t OpenVPN profiles and IPSEC settings are exported\/imported as\\n \\t\\t zip files. They are encrypted with a static password.\\n \\n \\n 5) Hard-coded Vendor Accounts (CVE-2022-4333)\\n The `\/etc\/passwd` file and `\/etc\/shadow` file reveal hard-coded password\\n hashes for the \\”sprecon\\” and \\”spradm\\” accounts. These accounts are shipped\\n with the update files (tested with official downloadable version 8.71) and\\n there seems to be no option for deleting or changing their passwords.\\n \\n The usability of the accounts is configurable via the configuration.\\n Details to deactivate the accounts are included in the hardening guidelines.\\n \\n \\n 6) Decrypt Firmware Update Files (CVE-2025-41743)\\n SPRECON firmware update files are encrypted. However, they use XOR magic\\n and static passwords as encryption method. Due to limited time, we did\\n not reverse engineer the XOR algorithm and instead ran the decoding\\n binaries using QEMU. First, the fwimaker binary was run to create a\\n regular zip file from the XORed .fwi file by running the following\\n command:\\n \\n “`\\n qemu-arm -L \/usr\/arm-linux-gnueabihf .\/fwimaker x sce_P9pu244_sc_864l_crypt.fwi extracted.zip\\n “`\\n \\n Afterwards the ZIP file can be decompressed and decrypted.\\n An attacker is now able to read the static password hashes and\\n further analyze components of the PLC.\\n \\n According to the vendor, manipulated firmware update files cannot be\\n flashed anymore, due to the usage of firmware signing.\\n \\n \\n 7) Insecure Transport Encryption (CVE-2025-41744)\\n The file `\/etc\/rbac\/default.pem` contains a private key which is used\\n for the HTTPS encryption of the webserver. Further, the same key is used\\n to encrypt the communication with the Sprecher Engineering Studio.\\n An attacker can use vulnerability 3 or 6 to obtain the private key\\n and can then decrypt communication in a man-in-the-middle position.\\n The certificate has following fingerprint:\\n \\n “`\\n E9:AF:F4:F1:90:83:3C:5B:0B:E2:DF:E1:DF:31:69:B5:C1:EC:90:52\\n “`\\n \\n One device using the same certificate was discovered on the internet.\\n \\n According to the vendor, those certificates are only used during initial\\n commissioning and users can find further information to change the certificates\\n in the documentation\/guideline \\”SPRECON Grundh\u00e4rtung\\” (basic hardening).\\n The vendor’s hardening guide makes it clear that it is both possible and\\n recommended to change the default certificate of the vendor.\\n \\n \\n Vulnerable \/ tested versions:\\n —————————–\\n The following firmware version \\u0026 product has been tested where the vulnerabilites\\n have been identified:\\n * Leittechnik Firmware: 8.6.4i on SPRECON E-C-94\\n \\n According to the vendor, the following products and firmware versions are affected:\\n Issue 1 – CVE-2025-41741) SPRECON-E-C\/-E-P\/-E CPU Module Version Amsel – PU245 and Falcon – PU244 in firmware version \\u003c v9.0\\n Issue 2 \\u0026 3 – CVE-2022-4332) SPRECON-E-C\/-E-P\/-E-T3 (variant PU244x), SPRECON-V460 – firmware \\u003cv8.71a (except 8.64m)\\n Issue 4 – CVE-2025-41742) SPRECON-E-C\/-E-P\/-E-T3\\n Issue 5 – CVE-2022-4333) SPRECON-E-C\/-E-P\/-E-T3 (variants PU243x, PU244x, MC33\/34, SPRECON-EDIR), SPRECON-V460\\n Issue 6 – CVE-2025-41743) SPRECON-E-C\/-E-P\/-E-T3 in firmware versions \\u003cv9.0\\n Issue 7 – CVE-2025-41744) SPRECON-E-C\/-E-P\/-E-T3\\n \\n \\n Vendor contact timeline:\\n ————————\\n Our vulnerabilities were identified in August 2022 where a third party directly\\n submitted the vulnerabilities to the vendor. We took over the coordination\\n in November 2023 again also because a vulnerability verification\/recheck was\\n planned.\\n \\n 2023-11-23: Contacting vendor through SPRECON contact form on website\\n (https:\/\/www.sprecher-automation.com\/anfrage-sprecon)\\n 2023-11-24: Vendor responds that vulnerabilities have not been assigned to separate\\n advisories. The vulnerabilities have not yet been fixed as a new\\n security subsystem needs to be implemented. First fixes are scheduled\\n for end of Q1\/2024 but maintenance releases have been rolled out\\n to migitate some issues. A full fix is planned for the major product\\n version and afterwards CVEs and details will be published in accordance\\n with E-CERT and BSI.\\n 2024-10-30: Requesting status update of responsible disclosure.\\n 2024-10-31: Sprecher did not yet receive the results of the recheck. Sprecher will\\n clarify the internal state of the responsible disclosure process.\\n Our contact person is not directly working at Sprecher anymore but as a\\n contractor.\\n 2024-12-05: Requesting status update again and a contact at Sprecher.\\n 2024-12-09: No firmware updates for all devices yet. No specific timeline yet,\\n estimated for Q1 2025.\\n 2025-02-10: Requested status update.\\n 2025-03-18: Requested update as the current state of patches is unclear, informing\\n vendor that our contact person has changed as well. No response.\\n 2025-05-19: Requested status update. No response.\\n 2025-07-10: Requested update.\\n 2025-07-14: Sprecher responds that the security contact for our advisory changed and\\n we should contact another person (who was in CC all the communication\\n attempts before).\\n 2025-07-16: Sprecher wants to schedule a short meeting to discuss the current status.\\n 2025-07-18: Exchanging several date suggestions for the meeting.\\n 2025-08-20: Meeting with Sprecher and providing the current state of the advisory.\\n 2025-09-22: Submitting another (different) security advisory to Sprecher.\\n 2025-09-23: Meeting with Sprecher regarding the current state of the vulnerabilities.\\n Scheduling follow-up meeting for 7th October.\\n 2025-10-07: Sprecher cancelled planned meeting on short notice. Our CNA shortly phoned\\n with Sprecher. Setup a new meeting and communicated that a normal responsible\\n disclosure timeline is 3 months.\\n 2025-10-13: Meeting with Sprecher and our CNA and agreeing on a mutual timeline\\n regarding the advisory release. Sprecher will give feedback regarding CVE\\n assignment, provided CVE-2022-4332 and CVE-2022-4333. Vendor will provide\\n information regarding vulnerability 4 until 2025-10-17.\\n SEC Consult removes sensitive information from advisory and that manipulated\\n images cannot be exploited (issue 6) and that the vendor recommends changing\\n certificates (issue 7).\\n The vendor blog post will be released on 24th October and our publication is\\n then planned for 27th October.\\n Sending the current state of the advisory again.\\n 2025-10-15: Asking whether Sprecher received our encrypted email, asking for confirmation.\\n \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0No response from the vendor.\\n 2025-10-17: Preparing the release of the advisory.\\n Sending the final draft of the advisory to Sprecher with a target\\n release date on the 2025-10-27.\\n Contacting CERT@VDE regarding CVE-2022-4332 + CVE-2022-4333.\\n 2025-10-20: Vendor responds that our draft advisory is incorrect, contains already\\n published (from their side) CVEs and requests further coordination for\\n responsible disclosure.\\n 2025-10-21: Contacting CERT@VDE regarding potential support.\\n 2025-10-22: CERT@VDE cannot support our case as Sprecher is not a partner.\\n 2025-10-23: Adjusted timeline again and submitted draft advisory to Sprecher. Asking\\n for a meeting.\\n 2025-11-05: Meeting with vendor, discussing vulnerabilities \\u0026 next steps, vendor will\\n provide further information as well as feedback to our advisory.\\n 2025-11-05: Vendor provides CVE numbers and links to their advisories.\\n 2025-11-06: Adjusting advisory with feedback of vendor and CVE numbers etc., submitting\\n latest draft version to vendor again.\\n 2025-11-19: Asking the vendor for a status update \\u0026 feedback.\\n 2025-12-02: Vendor responds with adjusted advisory feedback.\\n 2025-12-15: Informing vendor about internal delays on our side regarding publication.\\n 2026-06-11: Sending adjusted advisory to vendor \\u0026 proposed publication date (17th June).\\n 2026-06-17: Public release of security advisory.\\n \\n \\n Solution:\\n ———\\n The vendor provides relevant updates and\/or workarounds for the specific issues\\n in their own advisories:\\n \\n (PDFs in German)\\n Issue 1 – CVE-2025-41741) SPR-2511041 -https:\/\/www.sprecher-automation.com\/fileadmin\/itSecurity\/PDF\/SPR-2511041_de.pdf \\n Issue 2 \\u0026 3 – CVE-2022-4332) 2022-12 -https:\/\/www.sprecher-automation.com\/fileadmin\/itSecurity\/PDF\/2022-12_Advisories.pdf\\n Issue 4 – CVE-2025-41742) SPR-2511042 -https:\/\/www.sprecher-automation.com\/fileadmin\/itSecurity\/PDF\/SPR-2511042_de.pdf\\n Issue 5 – CVE-2022-4333) 2022-12 -https:\/\/www.sprecher-automation.com\/fileadmin\/itSecurity\/PDF\/2022-12_Advisories.pdf\\n Issue 6 – CVE-2025-41743) SPR-2511043 -https:\/\/www.sprecher-automation.com\/fileadmin\/itSecurity\/PDF\/SPR-2511043_de.pdf\\n Issue 7 – CVE-2025-41744) SPR-2511044 -https:\/\/www.sprecher-automation.com\/fileadmin\/itSecurity\/PDF\/SPR-2511044_de.pdf\\n \\n \\n Workaround:\\n ———–\\n See vendor advisories for the specific workarounds and mitigations.\\n \\n \\n Advisory URL:\\n ————-\\n https:\/\/sec-consult.com\/vulnerability-lab\/\\n \\n \\n ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\\n \\n SEC Consult Vulnerability Lab\\n \\n SEC Consult, an Atos business\\n Europe | Asia\\n \\n About SEC Consult Vulnerability Lab\\n The SEC Consult Vulnerability Lab is an integrated part of SEC Consult, an\\n Atos company. It ensures the continued knowledge gain of SEC Consult in the\\n field of network and application security to stay ahead of the attacker. The\\n SEC Consult Vulnerability Lab supports high-quality penetration testing and\\n the evaluation of new offensive and defensive technologies for our customers.\\n Hence our customers obtain the most current information about vulnerabilities\\n and valid recommendation about the risk profile of new technologies.\\n \\n ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\\n Interested to work with the experts of SEC Consult?\\n Send us your applicationhttps:\/\/sec-consult.com\/career\/\\n \\n Interested in improving your cyber security with the experts of SEC Consult?\\n Contact our local officeshttps:\/\/sec-consult.com\/contact\/\\n ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\\n \\n Mail: security-research at sec-consult dot com\\n Web:https:\/\/www.sec-consult.com\\n Blog:https:\/\/blog.sec-consult.com\\n X:https:\/\/x.com\/sec_consult\\n \\n EOF S. Robertz, C. Hager, S. Schweighofer \/ @2026″,”sourceHref”:”https:\/\/packetstorm.news\/download\/223999″,”cvss”:{“score”:9.8,”severity”:”CRITICAL”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/223999\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-06-22T20:09:02″,”description”:”Sprecher Automation SPRECON-E-C\/-E-P\/-E-T3 leaks the firmware signing private key, is missing a secure-boot mechanism, has unencrypted flash memory, use of static passwords, and hard-coded vendor…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[9,6,8,35,12,13,53,7,11,5],"class_list":["post-64889","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-critical","tag-cve","tag-cvss","tag-cvss-98","tag-exploit","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n