{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-41742","assignerOrgId":"270ccfa6-a436-4e77-922e-914ec3a9685c","state":"PUBLISHED","assignerShortName":"CERTVDE","dateReserved":"2025-04-16T11:17:48.321Z","datePublished":"2025-12-02T10:39:08.982Z","dateUpdated":"2025-12-02T16:54:31.534Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"SPRECON-E-C","vendor":"Sprecher Automation","versions":[{"status":"affected","version":"*"}]},{"defaultStatus":"unaffected","product":"SPRECON-E-P","vendor":"Sprecher Automation","versions":[{"status":"affected","version":"*"}]},{"defaultStatus":"unaffected","product":"SPRECON-E-T3","vendor":"Sprecher Automation","versions":[{"status":"affected","version":"*"}]}],"credits":[{"lang":"en","type":"reporter","user":"00000000-0000-4000-9000-000000000000","value":"Sec-Consult Security Labs"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Sprecher Automations SPRECON-E-C,  SPRECON-E-P, SPRECON-E-T3 is vulnerable to attack by an unauthorized remote attacker via default cryptographic keys. The use of these keys allows the attacker to read, modify, and write projects and data, or to access any device via remote maintenance."}],"value":"Sprecher Automations SPRECON-E-C,  SPRECON-E-P, SPRECON-E-T3 is vulnerable to attack by an unauthorized remote attacker via default cryptographic keys. The use of these keys allows the attacker to read, modify, and write projects and data, or to access any device via remote maintenance."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-1394","description":"CWE-1394 Use of Default Cryptographic Key","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"270ccfa6-a436-4e77-922e-914ec3a9685c","shortName":"CERTVDE","dateUpdated":"2025-12-02T10:39:08.982Z"},"references":[{"tags":["vendor-advisory"],"url":"https://www.sprecher-automation.com/fileadmin/itSecurity/PDF/SPR-2511042_de.pdf"}],"source":{"defect":["CERT@VDE#641892"],"discovery":"UNKNOWN"},"title":"Sprecher Automation: SPRECON-E series has a critical vulnerability due to the use of static cryptographic keys in system components","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-12-02T16:53:16.856849Z","id":"CVE-2025-41742","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-12-02T16:54:31.534Z"}}]}}