
    62 vulnerabilities found for CHARX SEC-3050 by Phoenix Contact

    CVE-2026-41032 (GCVE-0-2026-41032)

    Vulnerability from nvd – Published: 2026-06-03 10:16 – Updated: 2026-06-03 12:39
    VLAI
    Title
    Phoenix Contact: Unauthenticated log download vulnerability in the firmware of CHARX SEC-3xxx charging controllers
    Summary
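    It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information. Note: the CNA's CVSS vector in the record below is AV:N (network), which does not match the "adjacent" wording here; confirm the actual reachability against the vendor advisory (VDE-2026-060) before scoping exposure.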
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    Impacted products
    Credits
    Piotr Ptaszek, Mateusz Wójcik from ZDI

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-41032",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-03T12:39:30.651560Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-03T12:39:40.933Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3150",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.9.0",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3100",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.9.0",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3050",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.9.0",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3000",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.9.0",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:phoenix_contact:charx_sec-3150_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "1.9.0",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:phoenix_contact:charx_sec-3100_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "1.9.0",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:phoenix_contact:charx_sec-3050_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "1.9.0",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:phoenix_contact:charx_sec-3000_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "1.9.0",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Piotr Ptaszek, Mateusz W\u00f3jcik from ZDI"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information."
                }
              ],
              "value": "It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-03T10:16:16.992Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-060.json"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://certvde.com/de/advisories/VDE-2026-060/"
            }
          ],
          "source": {
            "advisory": "VDE-2026-060",
            "defect": [
              "CERT@VDE#642036"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Phoenix Contact: Unauthenticated log download vulnerability in the firmware of CHARX SEC-3xxx charging controllers",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-41032",
        "datePublished": "2026-06-03T10:16:16.992Z",
        "dateReserved": "2026-04-16T06:00:17.600Z",
        "dateUpdated": "2026-06-03T12:39:40.933Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-41699 (GCVE-0-2025-41699)

    Vulnerability from nvd – Published: 2025-10-14 08:35 – Updated: 2025-10-15 06:36
    VLAI
    Title
    Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers
    Summary
    A low-privileged remote attacker with an account for the Web-based management can change the system configuration to perform a command injection as root, resulting in a total loss of confidentiality, availability and integrity due to improper control of generation of code ('Code Injection').
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Credits
    Ryo Kato of Panasonic Holdings Corporation

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41699",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-14T18:43:34.170197Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-14T18:43:41.706Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3150",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.4",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3100",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.4",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3050",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.4",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3000",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.4",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Ryo Kato of Panasonic Holdings Corporation"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An low privileged remote attacker with an account for the Web-based management can change the system configuration to perform a command injection as root, resulting in a total loss of confidentiality, availability and integrity due to improper control of generation of code (\u0027Code Injection\u0027)."
                }
              ],
              "value": "An low privileged remote attacker with an account for the Web-based management can change the system configuration to perform a command injection as root, resulting in a total loss of confidentiality, availability and integrity due to improper control of generation of code (\u0027Code Injection\u0027)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-15T06:36:45.974Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-074.json"
            }
          ],
          "source": {
            "advisory": "VDE-2025-074",
            "defect": [
              "CERT@VDE#641840"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41699",
        "datePublished": "2025-10-14T08:35:05.215Z",
        "dateReserved": "2025-04-16T11:17:48.310Z",
        "dateUpdated": "2025-10-15T06:36:45.974Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-25271 (GCVE-0-2025-25271)

    Vulnerability from nvd – Published: 2025-07-08 07:01 – Updated: 2025-07-22 07:50
    VLAI
    Title
    OCPP Backend Configuration via Insecure Defaults
    Summary
    An unauthenticated adjacent attacker is able to configure a new OCPP backend, due to insecure defaults for the configuration interface.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1188 - Insecure Default Initialization of Resource
    Assigner
    References
    Impacted products
    Credits
    Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-25271",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-08T14:23:31.539913Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-08T14:28:44.675Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3150",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.3",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3100",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.3",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3050",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.3",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3000",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.3",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated adjacent attacker is able to configure a new OCPP backend, due to insecure defaults for the configuration interface.\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated adjacent attacker is able to configure a new OCPP backend, due to insecure defaults for the configuration interface."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1188",
                  "description": "CWE-1188 Insecure Default Initialization of Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-22T07:50:50.592Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2025-019"
            }
          ],
          "source": {
            "advisory": "VDE-2025-019",
            "defect": [
              "CERT@VDE#641747"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "OCPP Backend Configuration via Insecure Defaults",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-25271",
        "datePublished": "2025-07-08T07:01:33.274Z",
        "dateReserved": "2025-02-06T13:19:38.484Z",
        "dateUpdated": "2025-07-22T07:50:50.592Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-25270 (GCVE-0-2025-25270)

    Vulnerability from nvd – Published: 2025-07-08 07:00 – Updated: 2025-07-08 14:28
    VLAI
    Title
    Remote Code Execution via Unauthenticated Configuration Manipulation
    Summary
    An unauthenticated remote attacker can alter the device configuration in a way to get remote code execution as root with specific configurations.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-913 - Improper Control of Dynamically-Managed Code Resources
    Assigner
    References
    Impacted products
    Credits
    Tobias Scharnowski, Felix Buchmann, Kristian Covic

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-25270",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-08T14:15:27.812302Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-08T14:28:53.445Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3150",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.3",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3100",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.3",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3050",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.3",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3000",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.3",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Tobias Scharnowski"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Felix Buchmann"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Kristian Covic"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker can alter the device configuration in a way to get remote code execution as root with specific configurations.\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker can alter the device configuration in a way to get remote code execution as root with specific configurations."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-913",
                  "description": "CWE-913 Improper Control of Dynamically-Managed Code Resources",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-08T07:00:58.478Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2025-019"
            }
          ],
          "source": {
            "advisory": "VDE-2025-019",
            "defect": [
              "CERT@VDE#641747"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Remote Code Execution via Unauthenticated Configuration Manipulation",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-25270",
        "datePublished": "2025-07-08T07:00:58.478Z",
        "dateReserved": "2025-02-06T13:19:38.483Z",
        "dateUpdated": "2025-07-08T14:28:53.445Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-25269 (GCVE-0-2025-25269)

    Vulnerability from nvd – Published: 2025-07-08 07:00 – Updated: 2025-07-08 14:29
    VLAI
    Title
    Local Privilege Escalation via Unauthenticated Command Injection
    Summary
    An unauthenticated local attacker can inject a command that is subsequently executed as root, leading to a privilege escalation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    References
    Impacted products
    Credits
    HT3 Labs

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-25269",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-08T14:23:34.298289Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-08T14:29:03.328Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3150",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.3",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3100",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.3",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3050",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.3",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3000",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.3",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "HT3 Labs"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated local attacker can inject a command that is subsequently executed as root, leading to a privilege escalation.\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated local attacker can inject a command that is subsequently executed as root, leading to a privilege escalation."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-08T07:00:42.749Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2025-019"
            }
          ],
          "source": {
            "advisory": "VDE-2025-019",
            "defect": [
              "CERT@VDE#641747"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Local Privilege Escalation via Unauthenticated Command Injection",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-25269",
        "datePublished": "2025-07-08T07:00:42.749Z",
        "dateReserved": "2025-02-06T13:19:38.483Z",
        "dateUpdated": "2025-07-08T14:29:03.328Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-25268 (GCVE-0-2025-25268)

    Vulnerability from nvd – Published: 2025-07-08 07:00 – Updated: 2025-07-08 14:29
    VLAI
    Title
    Unauthenticated Configuration Access via Exposed API Endpoint
    Summary
    An unauthenticated adjacent attacker can modify configuration by sending specific requests to an API-endpoint resulting in read and write access due to missing authentication.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    Impacted products
    Credits
    HT3 Labs

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-25268",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-08T14:23:36.385330Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-08T14:29:11.096Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3150",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.3",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3100",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.3",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3050",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.3",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3000",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.3",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "HT3 Labs"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated adjacent attacker can modify configuration by sending specific requests to an API-endpoint resulting in read and write access due to missing authentication.\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated adjacent attacker can modify configuration by sending specific requests to an API-endpoint resulting in read and write access due to missing authentication."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-08T07:00:27.103Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2025-019"
            }
          ],
          "source": {
            "advisory": "VDE-2025-019",
            "defect": [
              "CERT@VDE#641747"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Unauthenticated Configuration Access via Exposed API Endpoint",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-25268",
        "datePublished": "2025-07-08T07:00:27.103Z",
        "dateReserved": "2025-02-06T13:19:38.483Z",
        "dateUpdated": "2025-07-08T14:29:11.096Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-24006 (GCVE-0-2025-24006)

    Vulnerability from nvd – Published: 2025-07-08 07:00 – Updated: 2025-07-08 14:29
    VLAI
    Title
    Privilege Escalation via Insecure SSH Permissions
    Summary
    A low privileged local attacker can leverage insecure permissions via SSH on the affected devices to escalate privileges to root.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    References
    Impacted products
    Credits
    Jesson Soto Ventura, Matthew Waddell

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-24006",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-08T14:23:38.428912Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-08T14:29:19.578Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3150",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.3",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3100",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.3",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3050",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.3",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3000",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.3",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Jesson Soto Ventura"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Matthew Waddell"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A low privileged local attacker can leverage insecure permissions via SSH on the affected devices to escalate privileges to root.\u003cbr\u003e"
                }
              ],
              "value": "A low privileged local attacker can leverage insecure permissions via SSH on the affected devices to escalate privileges to root."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-08T07:00:04.532Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2025-014"
            }
          ],
          "source": {
            "advisory": "VDE-2025-014",
            "defect": [
              "CERT@VDE#641739"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Privilege Escalation via Insecure SSH Permissions",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-24006",
        "datePublished": "2025-07-08T07:00:03.724Z",
        "dateReserved": "2025-01-16T15:48:36.250Z",
        "dateUpdated": "2025-07-08T14:29:19.578Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-24005 (GCVE-0-2025-24005)

    Vulnerability from nvd – Published: 2025-07-08 06:59 – Updated: 2025-07-08 14:29
    VLAI
    Title
    Local Privilege Escalation via Vulnerable SSH Script
    Summary
    A local attacker with a local user account can leverage a vulnerable script via SSH to escalate privileges to root due to improper input validation.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Credits
    Jesson Soto Ventura, Matthew Waddell

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-24005",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-08T14:23:40.951749Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-08T14:29:26.932Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3150",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.3",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3100",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.3",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3050",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.3",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3000",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.3",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Jesson Soto Ventura"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Matthew Waddell"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A local attacker with a local user account can leverage a vulnerable script via SSH to escalate privileges to root due to improper input validation.\u003cbr\u003e"
                }
              ],
              "value": "A local attacker with a local user account can leverage a vulnerable script via SSH to escalate privileges to root due to improper input validation."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-08T06:59:45.822Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2025-014"
            }
          ],
          "source": {
            "advisory": "VDE-2025-014",
            "defect": [
              "CERT@VDE#641739"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Local Privilege Escalation via Vulnerable SSH Script",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-24005",
        "datePublished": "2025-07-08T06:59:45.822Z",
        "dateReserved": "2025-01-16T15:48:36.250Z",
        "dateUpdated": "2025-07-08T14:29:26.932Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-24004 (GCVE-0-2025-24004)

    Vulnerability from nvd – Published: 2025-07-08 06:59 – Updated: 2025-07-08 13:37
    VLAI
    Title
    USB-C Buffer Overflow via Display Interface in EV Charging Stations
    Summary
    A physical attacker with access to the device display via USB-C can send a message to the device which triggers an unsecure copy to a buffer resulting in loss of integrity and a temporary denial-of-service for the stations until they got restarted by the watchdog.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    References
    Impacted products
    Credits
    Jesson Soto Ventura, Matthew Waddell

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-24004",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-08T13:37:15.630528Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-08T13:37:47.979Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3150",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThanOrEqual": "1.6.5",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3100",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThanOrEqual": "1.6.5",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3050",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThanOrEqual": "1.6.5",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3000",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThanOrEqual": "1.6.5",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Jesson Soto Ventura"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Matthew Waddell"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A physical attacker with access to the device display via USB-C can send a message to the device which triggers an unsecure copy to a buffer resulting in loss of integrity and a temporary denial-of-service for the stations until they got restarted by the watchdog."
                }
              ],
              "value": "A physical attacker with access to the device display via USB-C can send a message to the device which triggers an unsecure copy to a buffer resulting in loss of integrity and a temporary denial-of-service for the stations until they got restarted by the watchdog."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "LOW",
                "baseScore": 5.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-08T06:59:32.300Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2025-014"
            }
          ],
          "source": {
            "advisory": "VDE-2025-014",
            "defect": [
              "CERT@VDE#641816"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "USB-C Buffer Overflow via Display Interface in EV Charging Stations",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-24004",
        "datePublished": "2025-07-08T06:59:32.300Z",
        "dateReserved": "2025-01-16T15:48:36.250Z",
        "dateUpdated": "2025-07-08T13:37:47.979Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-24003 (GCVE-0-2025-24003)

    Vulnerability from nvd – Published: 2025-07-08 06:59 – Updated: 2025-07-08 13:38
    VLAI
    Title
    MQTT OOB Write Vulnerability in EichrechtAgents of German EV Charging Stations
    Summary
    An unauthenticated remote attacker can use MQTT messages to trigger out-of-bounds writes in charging stations complying with German Calibration Law, resulting in a loss of integrity for only EichrechtAgents and potential denial-of-service for these stations.
    SSVC
    Exploitation: none; Automatable: yes; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    References
    Impacted products
    Credits
    Jesson Soto Ventura, Matthew Waddell

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-24003",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-08T13:38:52.356516Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-08T13:38:55.893Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3150",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThanOrEqual": "1.6.5",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3100",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThanOrEqual": "1.6.5",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3050",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThanOrEqual": "1.6.5",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3000",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThanOrEqual": "1.6.5",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Jesson Soto Ventura"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Matthew Waddell"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker can use MQTT messages to trigger out-of-bounds writes in charging stations complying with German Calibration Law, resulting in a loss of integrity for only EichrechtAgents and potential denial-of-service for these stations."
                }
              ],
              "value": "An unauthenticated remote attacker can use MQTT messages to trigger out-of-bounds writes in charging stations complying with German Calibration Law, resulting in a loss of integrity for only EichrechtAgents and potential denial-of-service for these stations."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-08T06:59:17.316Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/en/advisories/VDE-2025-014"
            }
          ],
          "source": {
            "advisory": "VDE-2025-014",
            "defect": [
              "CERT@VDE#641739"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "MQTT OOB Write Vulnerability in EichrechtAgents of German EV Charging Stations",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-24003",
        "datePublished": "2025-07-08T06:59:17.316Z",
        "dateReserved": "2025-01-16T15:48:36.250Z",
        "dateUpdated": "2025-07-08T13:38:55.893Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-24002 (GCVE-0-2025-24002)

    Vulnerability from nvd – Published: 2025-07-08 06:58 – Updated: 2025-07-08 13:39
    Title
    MQTT DoS Vulnerability in German EV Charging Stations
    Summary
    An unauthenticated remote attacker can use MQTT messages to crash a service on charging stations complying with German Calibration Law, resulting in a temporary denial-of-service for these stations until they are restarted by the watchdog.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Credits
    Jesson Soto Ventura, Matthew Waddell

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-24002",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-08T13:39:22.906184Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-08T13:39:35.059Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3150",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThanOrEqual": "1.6.5",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3100",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThanOrEqual": "1.6.5",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3050",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThanOrEqual": "1.6.5",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3000",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThanOrEqual": "1.6.5",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Jesson Soto Ventura"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Matthew Waddell"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker can use MQTT messages to crash a service on charging stations complying with German Calibration Law, resulting in a temporary denial-of-service for these stations until they got restarted by the watchdog.\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker can use MQTT messages to crash a service on charging stations complying with German Calibration Law, resulting in a temporary denial-of-service for these stations until they got restarted by the watchdog."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-08T06:58:58.916Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/en/advisories/VDE-2025-014"
            }
          ],
          "source": {
            "advisory": "VDE-2025-014",
            "defect": [
              "CERT@VDE#641739"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "MQTT DoS Vulnerability in German EV Charging Stations",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-24002",
        "datePublished": "2025-07-08T06:58:58.916Z",
        "dateReserved": "2025-01-16T15:48:36.249Z",
        "dateUpdated": "2025-07-08T13:39:35.059Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-11497 (GCVE-0-2024-11497)

    Vulnerability from nvd – Published: 2025-01-14 13:55 – Updated: 2025-01-14 14:17
    Title
    Phoenix Contact: CHARX-SEC3xxx Charge controllers vulnerable to privilege escalation
    Summary
    An authenticated attacker can use this vulnerability to perform a privilege escalation to gain root access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    References
    Credits
    Tien Phan, Richard Jaletzki

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-11497",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-14T14:17:32.681825Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-14T14:17:44.111Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3000",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThan": "1.7.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3050",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThan": "1.7.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3100",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThan": "1.7.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3150",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThan": "1.7.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Tien Phan"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Richard Jaletzki"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn authenticated attacker can use this vulnerability to perform a privilege escalation to gain root access.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "An authenticated attacker can use this vulnerability to perform a privilege escalation to gain root access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-14T13:55:57.890Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2024-070"
            }
          ],
          "source": {
            "advisory": "VDE-2024-070",
            "defect": [
              "CERT@VDE#641697"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Phoenix Contact: CHARX-SEC3xxx Charge controllers vulnerable to privilege escalation",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2024-11497",
        "datePublished": "2025-01-14T13:55:57.890Z",
        "dateReserved": "2024-11-20T10:45:49.608Z",
        "dateUpdated": "2025-01-14T14:17:44.111Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-6788 (GCVE-0-2024-6788)

    Vulnerability from nvd – Published: 2024-08-13 13:15 – Updated: 2025-08-22 10:24
    Title
    Phoenix Contact: update feature from CHARX controller can be used to reset a low privilege user password
    Summary
    A remote unauthenticated attacker can use the firmware update feature on the LAN interface of the device to reset the password for the predefined, low-privileged user “user-app” to the default password.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1392 - Use of Default Credentials
    Assigner
    References
    Impacted products
    Vendor Product Version
    PHOENIX CONTACT CHARX SEC-3000 Affected: 0 , < 1.6.3 (semver)
    PHOENIX CONTACT CHARX SEC-3050 Affected: 0 , < 1.6.3 (semver)
    PHOENIX CONTACT CHARX SEC-3100 Affected: 0 , < 1.6.3 (semver)
    PHOENIX CONTACT CHARX SEC-3150 Affected: 0 , < 1.6.3 (semver)
    phoenixcontact charx_sec_3150 Affected: 0 , < 1.6.3 (custom)
        cpe:2.3:a:phoenixcontact:charx_sec_3000:*:*:*:*:*:*:*:*
        cpe:2.3:a:phoenixcontact:charx_sec_3050:*:*:*:*:*:*:*:*
        cpe:2.3:a:phoenixcontact:charx_sec_3100:*:*:*:*:*:*:*:*
        cpe:2.3:a:phoenixcontact:charx_sec_3150:*:*:*:*:*:*:*:*
    Credits
    McCaulay Hudson, Alexander Plaskett, NCC Group

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:phoenixcontact:charx_sec_3000:*:*:*:*:*:*:*:*",
                  "cpe:2.3:a:phoenixcontact:charx_sec_3050:*:*:*:*:*:*:*:*",
                  "cpe:2.3:a:phoenixcontact:charx_sec_3100:*:*:*:*:*:*:*:*",
                  "cpe:2.3:a:phoenixcontact:charx_sec_3150:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "charx_sec_3150",
                "vendor": "phoenixcontact",
                "versions": [
                  {
                    "lessThan": "1.6.3",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-6788",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-13T16:40:42.748470Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-13T16:50:38.588Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3000",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThan": "1.6.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3050",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThan": "1.6.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3100",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThan": "1.6.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3150",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThan": "1.6.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "McCaulay Hudson"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Alexander Plaskett"
            },
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "NCC Group"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA remote unauthenticated attacker can use the firmware update feature on the LAN interface of the device to reset the password for the predefined, low-privileged user \u201cuser-app\u201d to the default password.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "A remote unauthenticated attacker can use the firmware update feature on the LAN interface of the device to reset the password for the predefined, low-privileged user \u201cuser-app\u201d to the default password."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1392",
                  "description": "CWE-1392 Use of Default Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-22T10:24:58.187Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2024-022"
            }
          ],
          "source": {
            "advisory": "VDE-2024-022",
            "defect": [
              "CERT@VDE#641622"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Phoenix Contact: update feature from CHARX controller can be used to reset a low privilege user password",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2024-6788",
        "datePublished": "2024-08-13T13:15:03.120Z",
        "dateReserved": "2024-07-16T12:18:00.312Z",
        "dateUpdated": "2025-08-22T10:24:58.187Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-28137 (GCVE-0-2024-28137)

    Vulnerability from nvd – Published: 2024-05-14 08:10 – Updated: 2024-08-02 00:48
    Title
    PHOENIX CONTACT: privilege escalation due to a TOCTOU vulnerability in the CHARX Series
    Summary
    A local attacker with low privileges can perform a privilege escalation with an init script due to a TOCTOU vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    References
    Impacted products
    Vendor Product Version
    PHOENIX CONTACT CHARX SEC-3000 Affected: 0 , ≤ 1.5.1 (semver)
    PHOENIX CONTACT CHARX SEC-3050 Affected: 0 , ≤ 1.5.1 (semver)
    PHOENIX CONTACT CHARX SEC-3100 Affected: 0 , ≤ 1.5.1 (semver)
    PHOENIX CONTACT CHARX SEC-3150 Affected: 0 , ≤ 1.5.1 (semver)
    phoenixcontact charx_sec_3000 Affected: 0 , ≤ 1.5.1 (custom)
        cpe:2.3:a:phoenixcontact:charx_sec_3000:*:*:*:*:*:*:*:*
    phoenixcontact charx_sec_3050 Affected: 0 , ≤ 1.5.1 (custom)
        cpe:2.3:a:phoenixcontact:charx_sec_3050:*:*:*:*:*:*:*:*
    phoenixcontact charx_sec_3100 Affected: 0 , ≤ 1.5.1 (custom)
        cpe:2.3:a:phoenixcontact:charx_sec_3100:*:*:*:*:*:*:*:*
    phoenixcontact charx_sec_3150 Affected: 0 , ≤ 1.5.1 (custom)
        cpe:2.3:a:phoenixcontact:charx_sec_3150:*:*:*:*:*:*:*:*
    Credits
    Trend Micro's Zero Day Initiative Todd Manning

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:phoenixcontact:charx_sec_3000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "charx_sec_3000",
                "vendor": "phoenixcontact",
                "versions": [
                  {
                    "lessThanOrEqual": "1.5.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:phoenixcontact:charx_sec_3050:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "charx_sec_3050",
                "vendor": "phoenixcontact",
                "versions": [
                  {
                    "lessThanOrEqual": "1.5.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:phoenixcontact:charx_sec_3100:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "charx_sec_3100",
                "vendor": "phoenixcontact",
                "versions": [
                  {
                    "lessThanOrEqual": "1.5.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:phoenixcontact:charx_sec_3150:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "charx_sec_3150",
                "vendor": "phoenixcontact",
                "versions": [
                  {
                    "lessThanOrEqual": "1.5.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-28137",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-14T14:15:00.603552Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-06T15:25:47.839Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T00:48:49.163Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2024-019"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3000",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThanOrEqual": "1.5.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3050",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThanOrEqual": "1.5.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3100",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThanOrEqual": "1.5.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3150",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThanOrEqual": "1.5.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Trend Micro\u0027s Zero Day Initiative"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Todd Manning"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\t\n\t\t\n\t\t\n\t\n\t\n\t\t\u003cdiv\u003e\n\t\t\t\u003cdiv\u003e\n\t\t\t\t\u003cdiv\u003e\n\t\t\t\t\t\u003cp\u003e\n\n\t\n\t\t\n\t\t\n\t\n\t\n\t\t\u003c/p\u003e\u003cdiv\u003e\n\t\t\t\u003cdiv\u003e\n\t\t\t\t\u003cdiv\u003e\n\t\t\t\t\t\u003cp\u003eA local attacker with low privileges can\u0026nbsp;perform a privilege escalation with an init script due to a  TOCTOU vulnerability.\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\n\t\t\t\t\u003c/div\u003e\n\t\t\t\u003c/div\u003e\n\t\t\u003c/div\u003e\n\t\n"
                }
              ],
              "value": "\n\t\n\t\t\n\t\t\n\t\n\t\n\t\t\n\t\t\t\n\t\t\t\t\n\t\t\t\t\t\n\n\t\n\t\t\n\t\t\n\t\n\t\n\t\t\n\n\n\t\t\t\n\t\t\t\t\n\t\t\t\t\tA local attacker with low privileges can\u00a0perform a privilege escalation with an init script due to a  TOCTOU vulnerability.\n\n\n\n\n\n\n\n\n\n\n\t\t\t\t\n\n\n\t\t\t\n\n\n\t\t\n\n\n\t\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-367",
                  "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-03T11:48:50.771Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2024-019"
            }
          ],
          "source": {
            "advisory": "VDE-2024-019",
            "defect": [
              "CERT@VDE#64664"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "PHOENIX CONTACT: privilege escalation due to a  TOCTOU vulnerability in the CHARX Series ",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2024-28137",
        "datePublished": "2024-05-14T08:10:06.014Z",
        "dateReserved": "2024-03-05T08:10:25.697Z",
        "dateUpdated": "2024-08-02T00:48:49.163Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-28136 (GCVE-0-2024-28136)

    Vulnerability from nvd – Published: 2024-05-14 08:09 – Updated: 2025-01-24 06:33
    VLAI
    Title
    PHOENIX CONTACT: command injection gains root privileges using the OCPP remote service
    Summary
    A local attacker with low privileges can use a command injection vulnerability to gain root privileges due to improper input validation using the OCPP Remote service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    PHOENIX CONTACT CHARX SEC-3000 Affected: 0 , ≤ 1.5.1 (semver)
    PHOENIX CONTACT CHARX SEC-3050 Affected: 0 , ≤ 1.5.1 (semver)
    PHOENIX CONTACT CHARX SEC-3100 Affected: 0 , ≤ 1.5.1 (semver)
    PHOENIX CONTACT CHARX SEC-3150 Affected: 0 , ≤ 1.5.1 (semver)
    phoenixcontact charx_sec_3000 Affected: 0 , ≤ 1.5.1 (custom)
        cpe:2.3:a:phoenixcontact:charx_sec_3000:*:*:*:*:*:*:*:*
    phoenixcontact charx_sec_3050 Affected: 0 , ≤ 1.5.1 (custom)
        cpe:2.3:a:phoenixcontact:charx_sec_3050:*:*:*:*:*:*:*:*
    phoenixcontact charx_sec_3100 Affected: 0 , ≤ 1.5.1 (custom)
        cpe:2.3:a:phoenixcontact:charx_sec_3100:*:*:*:*:*:*:*:*
    phoenixcontact charx_sec_3150 Affected: 0 , ≤ 1.5.1 (custom)
        cpe:2.3:a:phoenixcontact:charx_sec_3150:*:*:*:*:*:*:*:*
    Credits
    Trend Micro's Zero Day Initiative @ByteInsight

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:phoenixcontact:charx_sec_3000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "charx_sec_3000",
                "vendor": "phoenixcontact",
                "versions": [
                  {
                    "lessThanOrEqual": "1.5.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:phoenixcontact:charx_sec_3050:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "charx_sec_3050",
                "vendor": "phoenixcontact",
                "versions": [
                  {
                    "lessThanOrEqual": "1.5.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:phoenixcontact:charx_sec_3100:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "charx_sec_3100",
                "vendor": "phoenixcontact",
                "versions": [
                  {
                    "lessThanOrEqual": "1.5.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:phoenixcontact:charx_sec_3150:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "charx_sec_3150",
                "vendor": "phoenixcontact",
                "versions": [
                  {
                    "lessThanOrEqual": "1.5.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-28136",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-14T13:43:24.083625Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-06T15:25:25.119Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T00:48:49.214Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2024-019"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3000",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThanOrEqual": "1.5.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3050",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThanOrEqual": "1.5.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3100",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThanOrEqual": "1.5.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3150",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThanOrEqual": "1.5.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Trend Micro\u0027s Zero Day Initiative"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "@ByteInsight"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\n\t\t\t\u003cdiv\u003e\n\t\t\t\t\u003cdiv\u003e\n\t\t\t\t\t\u003cp\u003e\n\n\t\n\t\t\n\t\t\n\t\n\t\n\t\t\u003c/p\u003e\u003cdiv\u003e\n\t\t\t\u003cdiv\u003e\n\t\t\t\t\u003cdiv\u003e\n\t\t\t\t\t\u003cp\u003eA local attacker with low privileges can \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003euse a command injection vulnerability to \u003c/span\u003egain root\nprivileges due to improper input validation using the OCPP Remote service.\u003cbr\u003e\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\n\t\t\t\u003c/div\u003e\n\t\t\u003c/div\u003e"
                }
              ],
              "value": "A local attacker with low privileges can use a command injection vulnerability to gain root\nprivileges due to improper input validation using the OCPP Remote service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-24T06:33:52.412Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2024-019"
            }
          ],
          "source": {
            "advisory": "VDE-2024-019",
            "defect": [
              "CERT@VDE#64664"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "PHOENIX CONTACT: command injection gains root privileges using the OCPP remote service",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2024-28136",
        "datePublished": "2024-05-14T08:09:52.725Z",
        "dateReserved": "2024-03-05T08:10:25.697Z",
        "dateUpdated": "2025-01-24T06:33:52.412Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-28135 (GCVE-0-2024-28135)

    Vulnerability from nvd – Published: 2024-05-14 08:09 – Updated: 2025-01-24 06:35
    VLAI
    Title
    PHOENIX CONTACT: command injection vulnerability in the API of the CHARX Series
    Summary
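    A low-privileged remote attacker can use a command injection vulnerability in the API, caused by improper input validation, to execute code remotely as the user-app user. Confidentiality is partly affected. [Reviewer note for triage: the CNA's CVSS 3.1 vector on this record (C:L/I:N/A:N, base score 5) counts only a limited confidentiality impact, while the CISA SSVC entry lists technical impact as total; weigh the code-execution capability described here when prioritising remediation.]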
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    PHOENIX CONTACT CHARX SEC-3000 Affected: 0 , ≤ 1.5.1 (semver)
    PHOENIX CONTACT CHARX SEC-3050 Affected: 0 , ≤ 1.5.1 (semver)
    PHOENIX CONTACT CHARX SEC-3100 Affected: 0 , ≤ 1.5.1 (semver)
    PHOENIX CONTACT CHARX SEC-3150 Affected: 0 , ≤ 1.5.1 (semver)
    phoenixcontact charx_sec_3050 Affected: 0 , ≤ 1.5.1 (custom)
        cpe:2.3:a:phoenixcontact:charx_sec_3050:*:*:*:*:*:*:*:*
    phoenixcontact charx_sec_3100 Affected: 0 , ≤ 1.5.1 (custom)
        cpe:2.3:a:phoenixcontact:charx_sec_3100:*:*:*:*:*:*:*:*
    phoenixcontact charx_sec_3000 Affected: 0 , ≤ 1.5.1 (custom)
        cpe:2.3:a:phoenixcontact:charx_sec_3000:*:*:*:*:*:*:*:*
    phoenixcontact charx_sec_3150 Affected: 0 , ≤ 1.5.1 (custom)
        cpe:2.3:a:phoenixcontact:charx_sec_3150:*:*:*:*:*:*:*:*
    Credits
    Trend Micro's Zero Day Initiative Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:phoenixcontact:charx_sec_3050:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "charx_sec_3050",
                "vendor": "phoenixcontact",
                "versions": [
                  {
                    "lessThanOrEqual": "1.5.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:phoenixcontact:charx_sec_3100:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "charx_sec_3100",
                "vendor": "phoenixcontact",
                "versions": [
                  {
                    "lessThanOrEqual": "1.5.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:phoenixcontact:charx_sec_3000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "charx_sec_3000",
                "vendor": "phoenixcontact",
                "versions": [
                  {
                    "lessThanOrEqual": "1.5.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:phoenixcontact:charx_sec_3150:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "charx_sec_3150",
                "vendor": "phoenixcontact",
                "versions": [
                  {
                    "lessThanOrEqual": "1.5.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-28135",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-14T15:03:58.528873Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-06T15:24:54.870Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T00:48:49.242Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2024-019"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3000",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThanOrEqual": "1.5.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3050",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThanOrEqual": "1.5.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3100",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThanOrEqual": "1.5.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3150",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThanOrEqual": "1.5.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Trend Micro\u0027s Zero Day Initiative"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\n\t\t\t\u003cdiv\u003e\n\t\t\t\t\u003cdiv\u003e\n\t\t\t\t\t\u003cp\u003e\n\n\t\n\t\t\n\t\t\n\t\n\t\n\t\t\u003c/p\u003e\u003cdiv\u003e\n\t\t\t\u003cdiv\u003e\n\t\t\t\t\u003cdiv\u003e\n\t\t\t\t\t\u003cp\u003eA low privileged remote attacker can use\u0026nbsp;a command injection vulnerability in the API which performs\nremote code execution \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eas the \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003euser-app\u0026nbsp;\u003c/span\u003euser\u0026nbsp;\u003c/span\u003edue to improper input validation. The confidentiality is partly affected.\u003cbr\u003e\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\n\t\t\t\t\u003c/div\u003e\n\t\t\t\u003c/div\u003e\n\t\t\u003c/div\u003e"
                }
              ],
              "value": "A low privileged remote attacker can use\u00a0a command injection vulnerability in the API which performs\nremote code execution as the user-app\u00a0user\u00a0due to improper input validation. The confidentiality is partly affected."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-24T06:35:03.912Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2024-019"
            }
          ],
          "source": {
            "advisory": "VDE-2024-019",
            "defect": [
              "CERT@VDE#64664"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "PHOENIX CONTACT: command injection vulnerability in the API of the CHARX Series",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2024-28135",
        "datePublished": "2024-05-14T08:09:39.703Z",
        "dateReserved": "2024-03-05T08:10:25.697Z",
        "dateUpdated": "2025-01-24T06:35:03.912Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-28134 (GCVE-0-2024-28134)

    Vulnerability from nvd – Published: 2024-05-14 08:09 – Updated: 2024-08-02 00:48
    VLAI
    Title
    PHOENIX CONTACT: MitM attack gains privileges of the current logged in user in CHARX Series
    Summary
    An unauthenticated remote attacker can extract a session token through a MitM attack and gain web-based management access with the privileges of the currently logged-in user, because sensitive information is transmitted in cleartext. No additional user interaction is required. Access is limited in that only non-sensitive information can be obtained, but availability can be seriously affected.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    References
    Impacted products
    Vendor Product Version
    PHOENIX CONTACT CHARX SEC-3000 Affected: 0 , ≤ 1.5.1 (semver)
    PHOENIX CONTACT CHARX SEC-3050 Affected: 0 , ≤ 1.5.1 (semver)
    PHOENIX CONTACT CHARX SEC-3100 Affected: 0 , ≤ 1.5.1 (semver)
    PHOENIX CONTACT CHARX SEC-3150 Affected: 0 , ≤ 1.5.1 (semver)
    phoenixcontact charx_sec_3000 Affected: 0 , ≤ 1.5.1 (custom)
        cpe:2.3:a:phoenixcontact:charx_sec_3000:*:*:*:*:*:*:*:*
    phoenixcontact charx_sec_3100 Affected: 0 , ≤ 1.5.1 (custom)
        cpe:2.3:a:phoenixcontact:charx_sec_3100:*:*:*:*:*:*:*:*
    phoenixcontact charx_sec_3150 Affected: 0 , ≤ 1.5.1 (custom)
        cpe:2.3:a:phoenixcontact:charx_sec_3150:*:*:*:*:*:*:*:*
    phoenixcontact charx_sec_3050 Affected: 0 , ≤ 1.5.1 (custom)
        cpe:2.3:a:phoenixcontact:charx_sec_3050:*:*:*:*:*:*:*:*
    Credits
    Trend Micro's Zero Day Initiative (reporter); Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) (finder)

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:phoenixcontact:charx_sec_3000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "charx_sec_3000",
                "vendor": "phoenixcontact",
                "versions": [
                  {
                    "lessThanOrEqual": "1.5.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:phoenixcontact:charx_sec_3100:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "charx_sec_3100",
                "vendor": "phoenixcontact",
                "versions": [
                  {
                    "lessThanOrEqual": "1.5.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:phoenixcontact:charx_sec_3150:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "charx_sec_3150",
                "vendor": "phoenixcontact",
                "versions": [
                  {
                    "lessThanOrEqual": "1.5.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:phoenixcontact:charx_sec_3050:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "charx_sec_3050",
                "vendor": "phoenixcontact",
                "versions": [
                  {
                    "lessThanOrEqual": "1.5.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-28134",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-14T14:17:34.394686Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-06T15:24:34.250Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T00:48:49.289Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2024-019"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3000",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThanOrEqual": "1.5.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3050",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThanOrEqual": "1.5.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3100",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThanOrEqual": "1.5.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3150",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThanOrEqual": "1.5.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Trend Micro\u0027s Zero Day Initiative"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\t\n\t\t\n\t\t\n\t\n\t\n\t\t\u003cdiv\u003e\n\t\t\t\u003cdiv\u003e\n\t\t\t\t\u003cdiv\u003e\n\t\t\t\t\t\u003cp\u003e\n\n\t\n\t\t\n\t\t\n\t\n\t\n\t\t\u003c/p\u003e\u003cdiv\u003e\n\t\t\t\u003cdiv\u003e\n\t\t\t\t\u003cdiv\u003e\n\t\t\t\t\t\u003cp\u003eAn unauthenticated remote attacker can extract a session token with a MitM attack and gain\u0026nbsp;web-based\nmanagement access with the privileges of the currently logged in user due to cleartext transmission of sensitive information. \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNo additional user interaction is required.\u0026nbsp;\u003c/span\u003eThe access is limited as only non-sensitive information can be obtained but the availability can be seriously affected.\u0026nbsp;\u003cbr\u003e\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\n\t\t\t\u003c/div\u003e\n\t\t\u003c/div\u003e\n\t\n"
                }
              ],
              "value": "\n\t\n\t\t\n\t\t\n\t\n\t\n\t\t\n\t\t\t\n\t\t\t\t\n\t\t\t\t\t\n\n\t\n\t\t\n\t\t\n\t\n\t\n\t\t\n\n\n\t\t\t\n\t\t\t\t\n\t\t\t\t\tAn unauthenticated remote attacker can extract a session token with a MitM attack and gain\u00a0web-based\nmanagement access with the privileges of the currently logged in user due to cleartext transmission of sensitive information. No additional user interaction is required.\u00a0The access is limited as only non-sensitive information can be obtained but the availability can be seriously affected.\u00a0\n\n\n\n\n\n\n\n\n\n\n\n\t\t\t\n\n\n\t\t\n\n\n\t\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-03T11:48:10.617Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2024-019"
            }
          ],
          "source": {
            "advisory": "VDE-2024-019",
            "defect": [
              "CERT@VDE#64664"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "PHOENIX CONTACT: MitM attack gains privileges of the current logged in user in CHARX Series ",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2024-28134",
        "datePublished": "2024-05-14T08:09:24.900Z",
        "dateReserved": "2024-03-05T08:10:25.696Z",
        "dateUpdated": "2024-08-02T00:48:49.289Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-41032 (GCVE-0-2026-41032)

    Vulnerability from cvelistv5 – Published: 2026-06-03 10:16 – Updated: 2026-06-03 12:39
    VLAI
    Title
    Phoenix Contact: Unauthenticated log download vulnerability in the firmware of CHARX SEC-3xxx charging controllers
    Summary
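    It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information. Note that the CVSS 3.1 vector in the record below is AV:N (network attack vector), while this description says "adjacent"; the 7.5 base score is computed for the network vector, so confirm the actual reachability against advisory VDE-2026-060 when prioritising.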
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    Impacted products
    Credits
    Piotr Ptaszek, Mateusz Wójcik from ZDI

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-41032",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-03T12:39:30.651560Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-03T12:39:40.933Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3150",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.9.0",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3100",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.9.0",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3050",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.9.0",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3000",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.9.0",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:phoenix_contact:charx_sec-3150_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "1.9.0",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:phoenix_contact:charx_sec-3100_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "1.9.0",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:phoenix_contact:charx_sec-3050_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "1.9.0",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:phoenix_contact:charx_sec-3000_firmware:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "1.9.0",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Piotr Ptaszek, Mateusz W\u00f3jcik from ZDI"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information."
                }
              ],
              "value": "It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-03T10:16:16.992Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-060.json"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://certvde.com/de/advisories/VDE-2026-060/"
            }
          ],
          "source": {
            "advisory": "VDE-2026-060",
            "defect": [
              "CERT@VDE#642036"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Phoenix Contact: Unauthenticated log download vulnerability in the firmware of CHARX SEC-3xxx charging controllers",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-41032",
        "datePublished": "2026-06-03T10:16:16.992Z",
        "dateReserved": "2026-04-16T06:00:17.600Z",
        "dateUpdated": "2026-06-03T12:39:40.933Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-41699 (GCVE-0-2025-41699)

    Vulnerability from cvelistv5 – Published: 2025-10-14 08:35 – Updated: 2025-10-15 06:36
    VLAI
    Title
    Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers
    Summary
    A low-privileged remote attacker with an account for the Web-based management can change the system configuration to perform a command injection as root, resulting in a total loss of confidentiality, availability and integrity due to improper control of generation of code ('Code Injection').
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Credits
    Ryo Kato of Panasonic Holdings Corporation

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41699",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-14T18:43:34.170197Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-14T18:43:41.706Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3150",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.4",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3100",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.4",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3050",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.4",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3000",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.4",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Ryo Kato of Panasonic Holdings Corporation"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An low privileged remote attacker with an account for the Web-based management can change the system configuration to perform a command injection as root, resulting in a total loss of confidentiality, availability and integrity due to improper control of generation of code (\u0027Code Injection\u0027)."
                }
              ],
              "value": "An low privileged remote attacker with an account for the Web-based management can change the system configuration to perform a command injection as root, resulting in a total loss of confidentiality, availability and integrity due to improper control of generation of code (\u0027Code Injection\u0027)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-15T06:36:45.974Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-074.json"
            }
          ],
          "source": {
            "advisory": "VDE-2025-074",
            "defect": [
              "CERT@VDE#641840"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41699",
        "datePublished": "2025-10-14T08:35:05.215Z",
        "dateReserved": "2025-04-16T11:17:48.310Z",
        "dateUpdated": "2025-10-15T06:36:45.974Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-25271 (GCVE-0-2025-25271)

    Vulnerability from cvelistv5 – Published: 2025-07-08 07:01 – Updated: 2025-07-22 07:50
    VLAI
    Title
    OCPP Backend Configuration via Insecure Defaults
    Summary
    An unauthenticated adjacent attacker is able to configure a new OCPP backend, due to insecure defaults for the configuration interface.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1188 - Insecure Default Initialization of Resource
    Assigner
    References
    Impacted products
    Credits
    Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-25271",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-08T14:23:31.539913Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-08T14:28:44.675Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3150",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.3",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3100",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.3",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3050",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.3",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3000",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.3",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated adjacent attacker is able to configure a new OCPP backend, due to insecure defaults for the configuration interface.\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated adjacent attacker is able to configure a new OCPP backend, due to insecure defaults for the configuration interface."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1188",
                  "description": "CWE-1188 Insecure Default Initialization of Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-22T07:50:50.592Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2025-019"
            }
          ],
          "source": {
            "advisory": "VDE-2025-019",
            "defect": [
              "CERT@VDE#641747"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "OCPP Backend Configuration via Insecure Defaults",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-25271",
        "datePublished": "2025-07-08T07:01:33.274Z",
        "dateReserved": "2025-02-06T13:19:38.484Z",
        "dateUpdated": "2025-07-22T07:50:50.592Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-25270 (GCVE-0-2025-25270)

    Vulnerability from cvelistv5 – Published: 2025-07-08 07:00 – Updated: 2025-07-08 14:28
    Title
    Remote Code Execution via Unauthenticated Configuration Manipulation
    Summary
    An unauthenticated remote attacker can alter the device configuration in a way to get remote code execution as root with specific configurations.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-913 - Improper Control of Dynamically-Managed Code Resources
    Assigner
    References
    Impacted products
    Credits
    Tobias Scharnowski, Felix Buchmann, Kristian Covic

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-25270",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-08T14:15:27.812302Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-08T14:28:53.445Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3150",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.3",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3100",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.3",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3050",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.3",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3000",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.3",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Tobias Scharnowski"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Felix Buchmann"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Kristian Covic"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker can alter the device configuration in a way to get remote code execution as root with specific configurations.\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker can alter the device configuration in a way to get remote code execution as root with specific configurations."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-913",
                  "description": "CWE-913 Improper Control of Dynamically-Managed Code Resources",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-08T07:00:58.478Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2025-019"
            }
          ],
          "source": {
            "advisory": "VDE-2025-019",
            "defect": [
              "CERT@VDE#641747"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Remote Code Execution via Unauthenticated Configuration Manipulation",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-25270",
        "datePublished": "2025-07-08T07:00:58.478Z",
        "dateReserved": "2025-02-06T13:19:38.483Z",
        "dateUpdated": "2025-07-08T14:28:53.445Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-25269 (GCVE-0-2025-25269)

    Vulnerability from cvelistv5 – Published: 2025-07-08 07:00 – Updated: 2025-07-08 14:29
    Title
    Local Privilege Escalation via Unauthenticated Command Injection
    Summary
    An unauthenticated local attacker can inject a command that is subsequently executed as root, leading to a privilege escalation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    References
    Impacted products
    Credits
    HT3 Labs

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-25269",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-08T14:23:34.298289Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-08T14:29:03.328Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3150",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.3",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3100",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.3",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3050",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.3",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3000",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.3",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "HT3 Labs"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated local attacker can inject a command that is subsequently executed as root, leading to a privilege escalation.\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated local attacker can inject a command that is subsequently executed as root, leading to a privilege escalation."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-08T07:00:42.749Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2025-019"
            }
          ],
          "source": {
            "advisory": "VDE-2025-019",
            "defect": [
              "CERT@VDE#641747"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Local Privilege Escalation via Unauthenticated Command Injection",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-25269",
        "datePublished": "2025-07-08T07:00:42.749Z",
        "dateReserved": "2025-02-06T13:19:38.483Z",
        "dateUpdated": "2025-07-08T14:29:03.328Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-25268 (GCVE-0-2025-25268)

    Vulnerability from cvelistv5 – Published: 2025-07-08 07:00 – Updated: 2025-07-08 14:29
    Title
    Unauthenticated Configuration Access via Exposed API Endpoint
    Summary
    An unauthenticated adjacent attacker can modify configuration by sending specific requests to an API-endpoint resulting in read and write access due to missing authentication.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    Impacted products
    Credits
    HT3 Labs

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-25268",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-08T14:23:36.385330Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-08T14:29:11.096Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3150",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.3",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3100",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.3",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3050",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.3",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3000",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.3",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "HT3 Labs"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated adjacent attacker can modify configuration by sending specific requests to an API-endpoint resulting in read and write access due to missing authentication.\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated adjacent attacker can modify configuration by sending specific requests to an API-endpoint resulting in read and write access due to missing authentication."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-08T07:00:27.103Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2025-019"
            }
          ],
          "source": {
            "advisory": "VDE-2025-019",
            "defect": [
              "CERT@VDE#641747"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Unauthenticated Configuration Access via Exposed API Endpoint",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-25268",
        "datePublished": "2025-07-08T07:00:27.103Z",
        "dateReserved": "2025-02-06T13:19:38.483Z",
        "dateUpdated": "2025-07-08T14:29:11.096Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-24006 (GCVE-0-2025-24006)

    Vulnerability from cvelistv5 – Published: 2025-07-08 07:00 – Updated: 2025-07-08 14:29
    Title
    Privilege Escalation via Insecure SSH Permissions
    Summary
    A low privileged local attacker can leverage insecure permissions via SSH on the affected devices to escalate privileges to root.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    References
    Impacted products
    Credits
    Jesson Soto Ventura, Matthew Waddell

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-24006",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-08T14:23:38.428912Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-08T14:29:19.578Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3150",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.3",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3100",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.3",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3050",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.3",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3000",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.3",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Jesson Soto Ventura"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Matthew Waddell"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A low privileged local attacker can leverage insecure permissions via SSH on the affected devices to escalate privileges to root.\u003cbr\u003e"
                }
              ],
              "value": "A low privileged local attacker can leverage insecure permissions via SSH on the affected devices to escalate privileges to root."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-08T07:00:04.532Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2025-014"
            }
          ],
          "source": {
            "advisory": "VDE-2025-014",
            "defect": [
              "CERT@VDE#641739"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Privilege Escalation via Insecure SSH Permissions",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-24006",
        "datePublished": "2025-07-08T07:00:03.724Z",
        "dateReserved": "2025-01-16T15:48:36.250Z",
        "dateUpdated": "2025-07-08T14:29:19.578Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-24005 (GCVE-0-2025-24005)

    Vulnerability from cvelistv5 – Published: 2025-07-08 06:59 – Updated: 2025-07-08 14:29
    Title
    Local Privilege Escalation via Vulnerable SSH Script
    Summary
    A local attacker with a local user account can leverage a vulnerable script via SSH to escalate privileges to root due to improper input validation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Credits
    Jesson Soto Ventura, Matthew Waddell

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-24005",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-08T14:23:40.951749Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-08T14:29:26.932Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3150",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.3",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3100",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.3",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3050",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.3",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3000",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.7.3",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Jesson Soto Ventura"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Matthew Waddell"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A local attacker with a local user account can leverage a vulnerable script via SSH to escalate privileges to root due to improper input validation.\u003cbr\u003e"
                }
              ],
              "value": "A local attacker with a local user account can leverage a vulnerable script via SSH to escalate privileges to root due to improper input validation."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-08T06:59:45.822Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2025-014"
            }
          ],
          "source": {
            "advisory": "VDE-2025-014",
            "defect": [
              "CERT@VDE#641739"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Local Privilege Escalation via Vulnerable SSH Script",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-24005",
        "datePublished": "2025-07-08T06:59:45.822Z",
        "dateReserved": "2025-01-16T15:48:36.250Z",
        "dateUpdated": "2025-07-08T14:29:26.932Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-24004 (GCVE-0-2025-24004)

    Vulnerability from cvelistv5 – Published: 2025-07-08 06:59 – Updated: 2025-07-08 13:37
    Title
    USB-C Buffer Overflow via Display Interface in EV Charging Stations
    Summary
    A physical attacker with access to the device display via USB-C can send a message to the device which triggers an insecure copy to a buffer, resulting in loss of integrity and a temporary denial-of-service for the stations until they are restarted by the watchdog.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Credits
    Jesson Soto Ventura, Matthew Waddell

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-24004",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-08T13:37:15.630528Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-08T13:37:47.979Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3150",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThanOrEqual": "1.6.5",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3100",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThanOrEqual": "1.6.5",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3050",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThanOrEqual": "1.6.5",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3000",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThanOrEqual": "1.6.5",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Jesson Soto Ventura"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Matthew Waddell"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A physical attacker with access to the device display via USB-C can send a message to the device which triggers an unsecure copy to a buffer resulting in loss of integrity and a temporary denial-of-service for the stations until they got restarted by the watchdog."
                }
              ],
              "value": "A physical attacker with access to the device display via USB-C can send a message to the device which triggers an unsecure copy to a buffer resulting in loss of integrity and a temporary denial-of-service for the stations until they got restarted by the watchdog."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "LOW",
                "baseScore": 5.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-08T06:59:32.300Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2025-014"
            }
          ],
          "source": {
            "advisory": "VDE-2025-014",
            "defect": [
              "CERT@VDE#641816"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "USB-C Buffer Overflow via Display Interface in EV Charging Stations",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-24004",
        "datePublished": "2025-07-08T06:59:32.300Z",
        "dateReserved": "2025-01-16T15:48:36.250Z",
        "dateUpdated": "2025-07-08T13:37:47.979Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-24003 (GCVE-0-2025-24003)

    Vulnerability from cvelistv5 – Published: 2025-07-08 06:59 – Updated: 2025-07-08 13:38
    Title
    MQTT OOB Write Vulnerability in EichrechtAgents of German EV Charging Stations
    Summary
    An unauthenticated remote attacker can use MQTT messages to trigger out-of-bounds writes in charging stations complying with German Calibration Law, resulting in a loss of integrity limited to EichrechtAgents and a potential denial-of-service for these stations.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Credits
    Jesson Soto Ventura, Matthew Waddell

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-24003",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-08T13:38:52.356516Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-08T13:38:55.893Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3150",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThanOrEqual": "1.6.5",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3100",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThanOrEqual": "1.6.5",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3050",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThanOrEqual": "1.6.5",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3000",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThanOrEqual": "1.6.5",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Jesson Soto Ventura"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Matthew Waddell"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker can use MQTT messages to trigger out-of-bounds writes in charging stations complying with German Calibration Law, resulting in a loss of integrity for only EichrechtAgents and potential denial-of-service for these stations."
                }
              ],
              "value": "An unauthenticated remote attacker can use MQTT messages to trigger out-of-bounds writes in charging stations complying with German Calibration Law, resulting in a loss of integrity for only EichrechtAgents and potential denial-of-service for these stations."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-08T06:59:17.316Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/en/advisories/VDE-2025-014"
            }
          ],
          "source": {
            "advisory": "VDE-2025-014",
            "defect": [
              "CERT@VDE#641739"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "MQTT OOB Write Vulnerability in EichrechtAgents of German EV Charging Stations",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-24003",
        "datePublished": "2025-07-08T06:59:17.316Z",
        "dateReserved": "2025-01-16T15:48:36.250Z",
        "dateUpdated": "2025-07-08T13:38:55.893Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-24002 (GCVE-0-2025-24002)

    Vulnerability from cvelistv5 – Published: 2025-07-08 06:58 – Updated: 2025-07-08 13:39
    Title
    MQTT DoS Vulnerability in German EV Charging Stations
    Summary
    An unauthenticated remote attacker can use MQTT messages to crash a service on charging stations complying with German Calibration Law, resulting in a temporary denial-of-service for these stations until they are restarted by the watchdog.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Credits
    Jesson Soto Ventura, Matthew Waddell

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-24002",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-08T13:39:22.906184Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-08T13:39:35.059Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3150",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThanOrEqual": "1.6.5",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3100",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThanOrEqual": "1.6.5",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3050",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThanOrEqual": "1.6.5",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3000",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThanOrEqual": "1.6.5",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Jesson Soto Ventura"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Matthew Waddell"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker can use MQTT messages to crash a service on charging stations complying with German Calibration Law, resulting in a temporary denial-of-service for these stations until they got restarted by the watchdog.\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker can use MQTT messages to crash a service on charging stations complying with German Calibration Law, resulting in a temporary denial-of-service for these stations until they got restarted by the watchdog."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-08T06:58:58.916Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/en/advisories/VDE-2025-014"
            }
          ],
          "source": {
            "advisory": "VDE-2025-014",
            "defect": [
              "CERT@VDE#641739"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "MQTT DoS Vulnerability in German EV Charging Stations",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-24002",
        "datePublished": "2025-07-08T06:58:58.916Z",
        "dateReserved": "2025-01-16T15:48:36.249Z",
        "dateUpdated": "2025-07-08T13:39:35.059Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-11497 (GCVE-0-2024-11497)

    Vulnerability from cvelistv5 – Published: 2025-01-14 13:55 – Updated: 2025-01-14 14:17
    Title
    Phoenix Contact: CHARX-SEC3xxx Charge controllers vulnerable to privilege escalation
    Summary
    An authenticated attacker can use this vulnerability to perform a privilege escalation to gain root access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Credits
    Tien Phan, Richard Jaletzki

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-11497",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-14T14:17:32.681825Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-14T14:17:44.111Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3000",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThan": "1.7.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3050",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThan": "1.7.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3100",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThan": "1.7.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3150",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThan": "1.7.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Tien Phan"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Richard Jaletzki"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn authenticated attacker can use this vulnerability to perform a privilege escalation to gain root access.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "An authenticated attacker can use this vulnerability to perform a privilege escalation to gain root access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-14T13:55:57.890Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2024-070"
            }
          ],
          "source": {
            "advisory": "VDE-2024-070",
            "defect": [
              "CERT@VDE#641697"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Phoenix Contact: CHARX-SEC3xxx Charge controllers vulnerable to privilege escalation",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2024-11497",
        "datePublished": "2025-01-14T13:55:57.890Z",
        "dateReserved": "2024-11-20T10:45:49.608Z",
        "dateUpdated": "2025-01-14T14:17:44.111Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-6788 (GCVE-0-2024-6788)

    Vulnerability from cvelistv5 – Published: 2024-08-13 13:15 – Updated: 2025-08-22 10:24
    Title
    Phoenix Contact: update feature from CHARX controller can be used to reset a low privilege user password
    Summary
    A remote unauthenticated attacker can use the firmware update feature on the LAN interface of the device to reset the password for the predefined, low-privileged user “user-app” to the default password.
    SSVC
    Exploitation: none; Automatable: yes; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1392 - Use of Default Credentials
    Assigner
    References
    Impacted products
    Vendor Product Version
    PHOENIX CONTACT CHARX SEC-3000 Affected: 0 , < 1.6.3 (semver)
    PHOENIX CONTACT CHARX SEC-3050 Affected: 0 , < 1.6.3 (semver)
    PHOENIX CONTACT CHARX SEC-3100 Affected: 0 , < 1.6.3 (semver)
    PHOENIX CONTACT CHARX SEC-3150 Affected: 0 , < 1.6.3 (semver)
    phoenixcontact charx_sec_3150 Affected: 0 , < 1.6.3 (custom)
        cpe:2.3:a:phoenixcontact:charx_sec_3000:*:*:*:*:*:*:*:*
        cpe:2.3:a:phoenixcontact:charx_sec_3050:*:*:*:*:*:*:*:*
        cpe:2.3:a:phoenixcontact:charx_sec_3100:*:*:*:*:*:*:*:*
        cpe:2.3:a:phoenixcontact:charx_sec_3150:*:*:*:*:*:*:*:*
    Credits
    McCaulay Hudson (finder), Alexander Plaskett (finder), NCC Group (reporter)

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:phoenixcontact:charx_sec_3000:*:*:*:*:*:*:*:*",
                  "cpe:2.3:a:phoenixcontact:charx_sec_3050:*:*:*:*:*:*:*:*",
                  "cpe:2.3:a:phoenixcontact:charx_sec_3100:*:*:*:*:*:*:*:*",
                  "cpe:2.3:a:phoenixcontact:charx_sec_3150:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "charx_sec_3150",
                "vendor": "phoenixcontact",
                "versions": [
                  {
                    "lessThan": "1.6.3",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-6788",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-13T16:40:42.748470Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-13T16:50:38.588Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3000",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThan": "1.6.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3050",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThan": "1.6.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3100",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThan": "1.6.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CHARX SEC-3150",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThan": "1.6.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "McCaulay Hudson"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Alexander Plaskett"
            },
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "NCC Group"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA remote unauthenticated attacker can use the firmware update feature on the LAN interface of the device to reset the password for the predefined, low-privileged user \u201cuser-app\u201d to the default password.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "A remote unauthenticated attacker can use the firmware update feature on the LAN interface of the device to reset the password for the predefined, low-privileged user \u201cuser-app\u201d to the default password."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1392",
                  "description": "CWE-1392 Use of Default Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-22T10:24:58.187Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2024-022"
            }
          ],
          "source": {
            "advisory": "VDE-2024-022",
            "defect": [
              "CERT@VDE#641622"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Phoenix Contact: update feature from CHARX controller can be used to reset a low privilege user password",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2024-6788",
        "datePublished": "2024-08-13T13:15:03.120Z",
        "dateReserved": "2024-07-16T12:18:00.312Z",
        "dateUpdated": "2025-08-22T10:24:58.187Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }