{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-41742", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "dateReserved": "2025-04-16T11:17:48.321Z", "datePublished": "2025-12-02T10:39:08.982Z", "dateUpdated": "2025-12-02T16:54:31.534Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SPRECON-E-C", "vendor": "Sprecher Automation", "versions": [{"status": "affected", "version": "*"}]}, {"defaultStatus": "unaffected", "product": "SPRECON-E-P", "vendor": "Sprecher Automation", "versions": [{"status": "affected", "version": "*"}]}, {"defaultStatus": "unaffected", "product": "SPRECON-E-T3", "vendor": "Sprecher Automation", "versions": [{"status": "affected", "version": "*"}]}], "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Sec-Consult Security Labs"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Sprecher Automations SPRECON-E-C,  SPRECON-E-P, SPRECON-E-T3 is vulnerable to attack by an unauthorized remote attacker via default cryptographic keys. The use of these keys allows the attacker to read, modify, and write projects and data, or to access any device via remote maintenance."}], "value": "Sprecher Automations SPRECON-E-C, \u00a0SPRECON-E-P, SPRECON-E-T3\u00a0is vulnerable to attack by an unauthorized remote attacker via default cryptographic keys. The use of these keys allows the attacker to read, modify, and write projects and data, or to access any device via remote maintenance."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1394", "description": "CWE-1394 Use of Default Cryptographic Key", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2025-12-02T10:39:08.982Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.sprecher-automation.com/fileadmin/itSecurity/PDF/SPR-2511042_de.pdf"}], "source": {"defect": ["CERT@VDE#641892"], "discovery": "UNKNOWN"}, "title": "Sprecher Automation: SPRECON-E series has a critical vulnerability due to the use of static cryptographic keys in system components", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-02T16:53:16.856849Z", "id": "CVE-2025-41742", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-02T16:54:31.534Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-41742", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-12-02T16:53:16.856849Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-02T16:53:17.993Z"}}], "cna": {"title": "Sprecher Automation: SPRECON-E series has a critical vulnerability due to the use of static cryptographic keys in system components", "source": {"defect": ["CERT@VDE#641892"], "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Sec-Consult Security Labs"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Sprecher Automation", "product": "SPRECON-E-C", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unaffected"}, {"vendor": "Sprecher Automation", "product": "SPRECON-E-P", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unaffected"}, {"vendor": "Sprecher Automation", "product": "SPRECON-E-T3", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.sprecher-automation.com/fileadmin/itSecurity/PDF/SPR-2511042_de.pdf", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Sprecher Automations SPRECON-E-C, \u00a0SPRECON-E-P, SPRECON-E-T3\u00a0is vulnerable to attack by an unauthorized remote attacker via default cryptographic keys. The use of these keys allows the attacker to read, modify, and write projects and data, or to access any device via remote maintenance.", "supportingMedia": [{"type": "text/html", "value": "Sprecher Automations SPRECON-E-C,  SPRECON-E-P, SPRECON-E-T3 is vulnerable to attack by an unauthorized remote attacker via default cryptographic keys. The use of these keys allows the attacker to read, modify, and write projects and data, or to access any device via remote maintenance.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1394", "description": "CWE-1394 Use of Default Cryptographic Key"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2025-12-02T10:39:08.982Z"}}}, "cveMetadata": {"cveId": "CVE-2025-41742", "state": "PUBLISHED", "dateUpdated": "2025-12-02T16:54:31.534Z", "dateReserved": "2025-04-16T11:17:48.321Z", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "datePublished": "2025-12-02T10:39:08.982Z", "assignerShortName": "CERTVDE"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Sprecher Automations SPRECON-E-C, \u00a0SPRECON-E-P, SPRECON-E-T3\u00a0is vulnerable to attack by an unauthorized remote attacker via default cryptographic keys. The use of these keys allows the attacker to read, modify, and write projects and data, or to access any device via remote maintenance."}], "id": "CVE-2025-41742", "lastModified": "2025-12-02T17:16:29.163", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "info@cert.vde.com", "type": "Primary"}]}, "published": "2025-12-02T11:15:51.153", "references": [{"source": "info@cert.vde.com", "url": "https://www.sprecher-automation.com/fileadmin/itSecurity/PDF/SPR-2511042_de.pdf"}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1394"}], "source": "info@cert.vde.com", "type": "Primary"}]}

{}

{"created": "2025-12-03T12:10:12.713588+00:00", "updated": "2025-12-03T12:10:12.713615+00:00", "vendors": ["sprecher-automation", "sprecher-automation$PRODUCT$sprecon-e-c", "sprecher-automation$PRODUCT$sprecon-e-t3"]}