CVE-2022-4333 CRITICAL

CVE-2022-4333: Sprecher: Sprecon maintenance access with hardcoded credentials

Vendor Sprecher Automation
Product SPRECON-E CPU PU243x
Weakness CWE-798 · Hardcoded credentials
Published June 1, 2023
Last update January 10, 2025

CVSS base score

9.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allows an remote attacker to take over the device. These accounts should be deactivated according to Sprecher's hardening guidelines.

Key dates

02Disclosure timeline

June 1, 2023 CVE published
January 10, 2025 Record updated