CVE-2022-4332
Last modified
CVE-2022-4332 is a medium-severity vulnerability rated 6.8/10 on the CVSS scale. In Sprecher Automation SPRECON-E-C/P/T3 CPU in variant PU244x a vulnerable firmware verification has been identified. Through physical access and hardware manipulation, an attacker might be able to bypass hardware-based code verification and thus inject and execute arbitrary code and gain full access of the device.. EPSS estimates a 0.34% chance of exploitation in the next 30 days.
Description
In Sprecher Automation SPRECON-E-C/P/T3 CPU in variant PU244x a vulnerable firmware verification has been identified. Through physical access and hardware manipulation, an attacker might be able to bypass hardware-based code verification and thus inject and execute arbitrary code and gain full access of the device.
Metrics
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Sprecher-Automation | Sprecon-E-P Dq6-1 Firmware | All versions |
| Sprecher-Automation | Sprecon-E-P Dl6-1 Firmware | All versions |
| Sprecher-Automation | Sprecon-E-P Ds6-0 Firmware | All versions |
| Sprecher-Automation | Sprecon-E-C Firmware | All versions |
| Sprecher-Automation | Sprecon-E-T3 Firmware | All versions |
| Sprecher-Automation | Sprecon-E-Tc Ax-3110 Firmware | All versions |
References
- https://www.sprecher-automation.com/fileadmin/itSecurity/PDF/2022-12_Advisories.pdfMitigation, Vendor Advisory
- https://www.sprecher-automation.com/fileadmin/itSecurity/PDF/2022-12_Advisories.pdfMitigation, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-4332?
How severe is CVE-2022-4332?
How do I fix CVE-2022-4332?
Are you affected by CVE-2022-4332?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST