CVE-2022-4333 - OpenCVE

Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allows an remote attacker to take over the device. These accounts should be deactivated according to Sprecher's hardening guidelines.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Sprecher-automation	Sprecon-e Cp-2131 Sprecon-e-p Ds6-0 Firmware Sprecon-e-p Dl6-1 Firmware Sprecon-e-c Firmware Sprecon-e-tc Ax-3110 Firmware Sprecon-e-t3 Sprecon-e Cp-2131 Firmware Sprecon-e Ap-2200 Sprecon-e Cp-2330 Firmware Sprecon-e-c Sprecon-e-tc Ax-3110 Sprecon-e-t3 Firmware Sprecon-e-p Dq6-1 Firmware Sprecon-e-p Ds6-0 Sprecon-e-p Dq6-1 Sprecon-e Cp-2330 Sprecon-e-p Dl6-1 Sprecon-e Ap-2200 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:sprecher-automation:sprecon-e-p_dq6-1_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sprecher-automation:sprecon-e-p_dq6-1:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:sprecher-automation:sprecon-e-p_dl6-1_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sprecher-automation:sprecon-e-p_dl6-1:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:sprecher-automation:sprecon-e-p_ds6-0_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sprecher-automation:sprecon-e-p_ds6-0:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:sprecher-automation:sprecon-e-c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sprecher-automation:sprecon-e-c:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:sprecher-automation:sprecon-e-t3_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sprecher-automation:sprecon-e-t3:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:sprecher-automation:sprecon-e-tc_ax-3110_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sprecher-automation:sprecon-e-tc_ax-3110:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:sprecher-automation:sprecon-e_ap-2200_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sprecher-automation:sprecon-e_ap-2200:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:sprecher-automation:sprecon-e_cp-2131_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sprecher-automation:sprecon-e_cp-2131:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:sprecher-automation:sprecon-e_cp-2330_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sprecher-automation:sprecon-e_cp-2330:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.sprecher-automation.com/fileadmin/itSecurity/PDF/2022-12_Advisories.pdf	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: CERTVDE

Published: 2023-06-01T05:36:22.128Z

Updated: 2023-06-01T05:36:22.128Z

Reserved: 2022-12-07T11:22:39.639Z

Link: CVE-2022-4333

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-06-01T06:15:13.070

Modified: 2023-06-09T18:23:32.447

Link: CVE-2022-4333

JSON object: View

Redhat Information

No data.

CWE

CWE-798