CVE-2025-41742 — CRITICAL (9.8)

Vulnerability Description

Sprecher Automations SPRECON-E-C, SPRECON-E-P, SPRECON-E-T3 is vulnerable to attack by an unauthorized remote attacker via default cryptographic keys. The use of these keys allows the attacker to read, modify, and write projects and data, or to access any device via remote maintenance.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Sprecher-Automation	Sprecon-E-C Firmware	-
Sprecher-Automation	Sprecon-E-C	All versions
Sprecher-Automation	Sprecon-E-P Firmware	-
Sprecher-Automation	Sprecon-E-P	All versions
Sprecher-Automation	Sprecon-E-T3 Firmware	-
Sprecher-Automation	Sprecon-E-T3	All versions

Related Weaknesses (CWE)

CWE-1394

References

https://www.sprecher-automation.com/fileadmin/itSecurity/PDF/SPR-2511042_de.pdfVendor Advisory

FAQ

What is CVE-2025-41742?

CVE-2025-41742 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Sprecher Automations SPRECON-E-C, SPRECON-E-P, SPRECON-E-T3 is vulnerable to attack by an unauthorized remote attacker via default cryptographic keys. The use of these keys allows the attacker to rea...

How severe is CVE-2025-41742?

CVE-2025-41742 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2025-41742?

Check the references section above for vendor advisories and patch information. Affected products include: Sprecher-Automation Sprecon-E-C Firmware, Sprecher-Automation Sprecon-E-C, Sprecher-Automation Sprecon-E-P Firmware, Sprecher-Automation Sprecon-E-P, Sprecher-Automation Sprecon-E-T3 Firmware.