CVE-2025-41744
CRITICALDescription
Sprecher Automations SPRECON-E series uses default cryptographic keys that allow an unprivileged remote attacker to access all encrypted communications, thereby compromising confidentiality and integrity.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| sprecher-automation | sprecon-e-c_firmware |
| sprecher-automation | sprecon-e-c |
| sprecher-automation | sprecon-e-p_firmware |
| sprecher-automation | sprecon-e-p |
| sprecher-automation | sprecon-e-t3_firmware |
| sprecher-automation | sprecon-e-t3 |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-41744? +
How severe is CVE-2025-41744? +
What products are affected by CVE-2025-41744? +
How do I check if I'm vulnerable to CVE-2025-41744? +
Related Vulnerabilities
Use of Default Cryptographic Key vulnerability in Erlang/OTP ssl (DTLS server) allows predictable DTLS cookie computation during the startup window, …
Use of Default Cryptographic Key vulnerability in Baxter Welch Allyn Connex Spot Monitor may allow Configuration/Environment Manipulation.This issue affects Welch …
Sprecher Automations SPRECON-E-C, SPRECON-E-P, SPRECON-E-T3 is vulnerable to attack by an unauthorized remote attacker via default cryptographic keys. The use …
Serviceware Processes 6.0 through 7.3 before 7.4 allows attackers without valid authentication to send a specially crafted HTTP request to …
Use of Default Cryptographic Key (CWE-1394)
datahub-helm provides the Kubernetes Helm charts for deploying Datahub and its dependencies on a Kubernetes cluster. Starting in version 0.1.143 …