Vulnerability Description
Sprecher SPRECON-E firmware prior to 8.64b might allow local attackers with access to engineering data to insert arbitrary code. This firmware lacks the validation of the input values on the device side, which is provided by the engineering software during parameterization. Attackers with access to local configuration files can therefore insert malicious commands that are executed after compiling them to valid parameter files (“PDLs”), transferring them to the device, and restarting the device.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sprecher-Automation | Sprecon-E | < 8.64b |
Related Weaknesses (CWE)
References
- https://www.sprecher-automation.com/en/it-security/Vendor Advisory
- https://www.sprecher-automation.com/en/it-security/Vendor Advisory
FAQ
What is CVE-2020-11496?
CVE-2020-11496 is a vulnerability with a CVSS score of 6.7 (MEDIUM). Sprecher SPRECON-E firmware prior to 8.64b might allow local attackers with access to engineering data to insert arbitrary code. This firmware lacks the validation of the input values on the device si...
How severe is CVE-2020-11496?
CVE-2020-11496 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-11496?
Check the references section above for vendor advisories and patch information. Affected products include: Sprecher-Automation Sprecon-E.