CVE-2020-11496
MEDIUM
Sprecher SPRECON-E < 8.64b - Arbitrary Code Execution via Malicious PDL Parameter Files
Title source: llm
Description
Sprecher SPRECON-E firmware prior to 8.64b might allow local attackers with access to engineering data to insert arbitrary code. This firmware lacks the validation of the input values on the device side, which is provided by the engineering software during parameterization. Attackers with access to local configuration files can therefore insert malicious commands that are executed after compiling them to valid parameter files (“PDLs”), transferring them to the device, and restarting the device.
References (1)
Core References
Vendor Advisory x_refsource_confirm
https://www.sprecher-automation.com/en/it-security/
Scores
CVSS v3
6.7
EPSS
0.0032
EPSS Percentile
23.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
CWE-77
Status
published
Products (1)
sprecher-automation/sprecon-e
< 8.64b
Published
Oct 19, 2020
Tracked Since
Feb 18, 2026