How to avoid password TCP message sniffing and subsequent hijacking

I’m developing a TCP Streaming API for “IoT” devices in LabView.

The TCP Server will be listening to a certain port, and our devices will try to connect to it. In order to know that the connecting client is from our company, all our servers and clients will share a private key and a password. When the client connects successfully to the socket, it will send the secret password cyphered in AES256 with the private key.

But what prevents an attacker from sniffing a client’s credentials message and resend as it is to the server to gain access? Cyphering doesn’t protect that.