CVE-2022-4332
MEDIUMSprecher Automation SPRECON-E-C/P/T3 PU244x - Code Injection
Title source: llmDescription
In Sprecher Automation SPRECON-E-C/P/T3 CPU in variant PU244x a vulnerable firmware verification has been identified. Through physical access and hardware manipulation, an attacker might be able to bypass hardware-based code verification and thus inject and execute arbitrary code and gain full access of the device.
References (1)
Core 1
Core References
Mitigation, Vendor Advisory
https://www.sprecher-automation.com/fileadmin/itSecurity/PDF/2022-12_Advisories.pdf
Scores
CVSS v3
6.8
EPSS
0.0034
EPSS Percentile
25.4%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-20
Status
published
Products (6)
sprecher-automation/sprecon-e-c_firmware
sprecher-automation/sprecon-e-p_dl6-1_firmware
sprecher-automation/sprecon-e-p_dq6-1_firmware
sprecher-automation/sprecon-e-p_ds6-0_firmware
sprecher-automation/sprecon-e-t3_firmware
sprecher-automation/sprecon-e-tc_ax-3110_firmware
Published
Jun 01, 2023
Tracked Since
Feb 18, 2026