Focus on sprecher-automation vulnerabilities and metrics.
Last updated: 08 Mar 2026, 23:25 UTC
This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with sprecher-automation. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.
For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.
Total sprecher-automation CVEs: 7
Earliest CVE date: 25 Dec 2016, 07:59 UTC
Latest CVE date: 02 Dec 2025, 11:15 UTC
Latest CVE reference: CVE-2025-41744
30-day Count (Rolling): 0
365-day Count (Rolling): 3
Calendar-based Variation
Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.
Month Variation (Calendar): 0%
Year Variation (Calendar): 200.0%
Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 200.0%
Average CVSS: 0.66
Max CVSS: 4.6
Critical CVEs (≥9): 0
| Range | Count |
|---|---|
| 0.0-3.9 | 6 |
| 4.0-6.9 | 1 |
| 7.0-8.9 | 0 |
| 9.0-10.0 | 0 |
These are the five CVEs with the highest CVSS scores for sprecher-automation, sorted by severity first and recency.
Sprecher Automations SPRECON-E series uses default cryptographic keys that allow an unprivileged remote attacker to access all encrypted communications, thereby compromising confidentiality and integrity.
Insufficient encryption strength in Sprecher Automation SPRECON-E-C, SPRECON-E-P, and SPRECON-E-T3 allows a local unprivileged attacker to extract data from update images and thus obtain limited information about the architecture and internal processes.
Sprecher Automations SPRECON-E-C, SPRECON-E-P, SPRECON-E-T3 is vulnerable to attack by an unauthorized remote attacker via default cryptographic keys. The use of these keys allows the attacker to read, modify, and write projects and data, or to access any device via remote maintenance.
Improper Privilege Management in Sprecher Automation SPRECON-E below version 8.71j allows a remote attacker with low privileges to save unauthorized protection assignments.
Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allows an remote attacker to take over the device. These accounts should be deactivated according to Sprecher's hardening guidelines.
In Sprecher Automation SPRECON-E-C/P/T3 CPU in variant PU244x a vulnerable firmware verification has been identified. Through physical access and hardware manipulation, an attacker might be able to bypass hardware-based code verification and thus inject and execute arbitrary code and gain full access of the device.
An issue was discovered in Sprecher Automation SPRECON-E Service Program before 3.43 SP0. Under certain preconditions, it is possible to execute telegram simulation as a non-admin user. As prerequisites, a user must have created an online-connection, validly authenticated and authorized as administrator, and executed telegram simulation. After that, the online-connection must have been closed. Incorrect caching of client data then may lead to privilege escalation, where a subsequently acting non-admin user is permitted to do telegram simulation. In order to exploit this vulnerability, a potential attacker would need to have both a valid engineering-account in the SPRECON RBAC system as well as access to a service/maintenance computer with SPRECON-E Service Program running. Additionally, a valid admin-user must have closed the service connection beforehand without closing the program, having executed telegram simulation; the attacker then has access to the running software instance. Hence, there is no risk from external attackers.