Sprecher Automation SPRECON-E-C, SPRECON-E-P, and SPRECON-E-T3 Cryptographic Key Vulnerability Allowing Unauthorized Data Access and Modification

A vulnerability exists in Sprecher Automation's SPRECON-E-C, SPRECON-E-P, and SPRECON-E-T3 products, allowing unauthorized remote attackers to exploit default cryptographic keys. This vulnerability enables attackers to read, modify, and write project and data files, or access devices through remote maintenance. The issue arises from the use of static, non-unique cryptographic keys, which compromise the confidentiality and integrity of project, configuration, and maintenance files. Additionally, the vulnerability can lead to incorrect identification of assets during maintenance, potentially causing operational disruptions.

Impact

Exploitation of this vulnerability could result in unauthorized access to and modification of project and configuration files, disruption of maintenance processes by misidentifying assets, and unauthorized access to devices via remote maintenance.

Remediation

Sprecher Automation recommends regularly monitoring system integrity to detect unauthorized changes to project and configuration files. This can be done using SNMP to integrate status and checksum checks into a central network monitoring system, or through manual comparisons with a known safe backup. Additionally, it is advised to harden access controls by physically securing all control components and network devices, segmenting automation systems from office and internet networks, and applying the principle of least privilege in user rights management.