Description
Insufficient encryption strength in Sprecher Automation SPRECON-E-C, SPRECON-E-P, and SPRECON-E-T3 allows a local unprivileged attacker to extract data from update images and thus obtain limited information about the architecture and internal processes.
References (1)
Core 1
Core References
Various Sources vendor-advisory
https://www.sprecher-automation.com/fileadmin/itSecurity/PDF/SPR-2511043_de.pdf
Scores
CVSS v3
4.0
EPSS
0.0005
EPSS Percentile
0.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-326
Status
published
Products (3)
sprecher-automation/sprecon-e-c_firmware
< 9.0
sprecher-automation/sprecon-e-p_firmware
< 9.0
sprecher-automation/sprecon-e-t3_firmware
< 9.0
Published
Dec 02, 2025
Tracked Since
Feb 18, 2026