1. Home
  2. CVE Database
  3. CVE-2022-4333
CRITICAL · 9.8

CVE-2022-4333

Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allows an remote attacker to take over the device. These accounts should be deactivated according to Sprecher's hardenin...

Vulnerability Description

Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allows an remote attacker to take over the device. These accounts should be deactivated according to Sprecher's hardening guidelines.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
Sprecher-AutomationSprecon-E-P Dq6-1 Firmware-
Sprecher-AutomationSprecon-E-P Dq6-1-
Sprecher-AutomationSprecon-E-P Dl6-1 Firmware-
Sprecher-AutomationSprecon-E-P Dl6-1-
Sprecher-AutomationSprecon-E-P Ds6-0 Firmware-
Sprecher-AutomationSprecon-E-P Ds6-0-
Sprecher-AutomationSprecon-E-C Firmware-
Sprecher-AutomationSprecon-E-C-
Sprecher-AutomationSprecon-E-T3 Firmware-
Sprecher-AutomationSprecon-E-T3-
Sprecher-AutomationSprecon-E-Tc Ax-3110 Firmware-
Sprecher-AutomationSprecon-E-Tc Ax-3110-
Sprecher-AutomationSprecon-E Ap-2200 Firmware-
Sprecher-AutomationSprecon-E Ap-2200-
Sprecher-AutomationSprecon-E Cp-2131 Firmware-
Sprecher-AutomationSprecon-E Cp-2131-
Sprecher-AutomationSprecon-E Cp-2330 Firmware-
Sprecher-AutomationSprecon-E Cp-2330-

Related Weaknesses (CWE)

CWE-798

References

FAQ

What is CVE-2022-4333?

CVE-2022-4333 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allows an remote attacker to take over the device. These accounts should be deactivated according to Sprecher's hardenin...

How severe is CVE-2022-4333?

CVE-2022-4333 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2022-4333?

Check the references section above for vendor advisories and patch information. Affected products include: Sprecher-Automation Sprecon-E-P Dq6-1 Firmware, Sprecher-Automation Sprecon-E-P Dq6-1, Sprecher-Automation Sprecon-E-P Dl6-1 Firmware, Sprecher-Automation Sprecon-E-P Dl6-1, Sprecher-Automation Sprecon-E-P Ds6-0 Firmware.