Vulnerabilities > CVE-2022-4332 - Unspecified vulnerability in Sprecher-Automation products

CVSS 6.8 - MEDIUM

Attack vector

PHYSICAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

low complexity

sprecher-automation

NVD

Published: 2023-06-01

Updated: 2023-06-09

Summary

In Sprecher Automation SPRECON-E-C/P/T3 CPU in variant PU244x a vulnerable firmware verification has been identified. Through physical access and hardware manipulation, an attacker might be able to bypass hardware-based code verification and thus inject and execute arbitrary code and gain full access of the device.

Vulnerable Configurations

Part	Description	Count
OS	Sprecher-Automation Sprecher Automation Sprecon E P DQ6 1 Firmware - Sprecher Automation Sprecon E P DL6 1 Firmware - Sprecher Automation Sprecon E P DS6 0 Firmware - Sprecher Automation Sprecon E C Firmware - Sprecher Automation Sprecon E T3 Firmware - Sprecher Automation Sprecon E TC AX 3110 Firmware -	6
Hardware	Sprecher-Automation Sprecher Automation Sprecon E P DQ6 1 - Sprecher Automation Sprecon E P DL6 1 - Sprecher Automation Sprecon E P DS6 0 - Sprecher Automation Sprecon E C - Sprecher Automation Sprecon E T3 - Sprecher Automation Sprecon E TC AX 3110 -	6

References

https://www.sprecher-automation.com/fileadmin/itSecurity/PDF/2022-12_Advisories.pdf