The fix is just as bad
Now the software relies on a key that only Sennheiser privately keeps a copy of.
So they've just appointed themselves as a root CA. Wait until that key leaks and...
What would be better in this case would be to generate a unique key on install. If it's only to authenticate 'localhost' then no-one else needs access to that key or to trust it. Plus if an attacker manages to steal a key off someone's installation, it will affect .. no-one else. If they have access to be stealing private keys, your system is already hosed without Sennheiser's help.