CVE-2025-41744

CRITICAL

Sprecher Automations SPRECON-E - Info Disclosure

Title source: llm

Description

Sprecher Automations SPRECON-E series uses default cryptographic keys that allow an unprivileged remote attacker to access all encrypted communications, thereby compromising confidentiality and integrity.

Exploits (2)

github SUSPICIOUS

by gromila7813 · poc

https://github.com/gromila7813/CVE-2025-41744

View Code ZIP pw:eip

github SUSPICIOUS

by sinrinmagic43 · poc

https://github.com/sinrinmagic43/CVE-2025-41744-Poc

View Code ZIP pw:eip

References (1)

[Various Sources] https://www.sprecher-automation.com/fileadmin/itSecurity/PDF/SPR-2511043_de.pdf

Scores

CVSS v3 9.1

EPSS 0.0008

EPSS Percentile 22.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE

CWE-1394

Status published

Products (3)

sprecher-automation/sprecon-e-c_firmware

sprecher-automation/sprecon-e-p_firmware

sprecher-automation/sprecon-e-t3_firmware

Published Dec 02, 2025

Tracked Since Feb 18, 2026