CVE-2025-41743— Sprecher Automation: SPRECON-E series prone to weak encryption of update files
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-41743
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Sprecher Automation: SPRECON-E series prone to weak encryption of update files
Source: NVD (National Vulnerability Database)
Vulnerability Description
Insufficient encryption strength in Sprecher Automation SPRECON-E-C, SPRECON-E-P, and SPRECON-E-T3 allows a local unprivileged attacker to extract data from update images and thus obtain limited information about the architecture and internal processes.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
不充分的加密强度
Source: NVD (National Vulnerability Database)
Vulnerability Title
Sprecher Automation SPRECON-E-C和Sprecher Automation SPRECON-E-P 加密问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Sprecher Automation SPRECON-E-C和Sprecher Automation SPRECON-E-P都是奥地利Sprecher Automation公司的一个自动化控制和遥控设备。 Sprecher Automation SPRECON-E-C和Sprecher Automation SPRECON-E-P存在加密问题漏洞,该漏洞源于加密强度不足,可能导致本地攻击者提取数据。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Sprecher Automation | SPRECON-E-C | 1.0 ~ 9.0 | - | |
| Sprecher Automation | SPRECON-E-P | 1.0 ~ 9.0 | - | |
| Sprecher Automation | SPRECON-E-T3 | 1.0 ~ 9.0 | - |
II. Public POCs for CVE-2025-41743
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-41743
请登录查看更多情报信息。
Same Patch Batch · Sprecher Automation · 2025-12-02 · 3 CVEs total
| CVE-2025-41742 | 9.8 CRITICAL | Sprecher Automation: SPRECON-E series has a critical vulnerability due to the use of stati |
| CVE-2025-41744 | 9.1 CRITICAL | Sprecher Automation: SPRECON-E series has static default key material for TLS connections |
IV. Related Vulnerabilities
Same vendor: Sprecher Automation
- CVE-2025-41742
Sprecher Automation: SPRECON-E series has a critical vulnera - CVE-2025-41744
Sprecher Automation: SPRECON-E series has static default key - CVE-2024-6758
Improper Privilege Management vulnerability in Sprecher Auto - CVE-2022-4332
Sprecher: Vulnerable firmware verification - CVE-2022-4333
Sprecher: Sprecon maintenance access with hardcoded credenti
Same weakness: CWE-326
- CVE-2018-25272
ELBA5 5.8.0 Remote Code Execution via Database Access - CVE-2025-1241
Encryption vulnerable to brute-force decryption in GoAnywher - CVE-2026-5363
Use of weak cryptographic key in TP-Link Archer C7 - CVE-2026-39349
OrangeHRM Uses AES-ECB for Sensitive Data Encryption Enables - CVE-2026-33488
AVideo has a PGP 2FA Bypass via Cryptographically Broken 512
V. Comments for CVE-2025-41743
No comments yet