CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-25997 – PHOENIX CONTACT: Log injection in CHARX Series
https://notcve.org/view.php?id=CVE-2024-25997
An unauthenticated remote attacker can perform a log injection due to improper input validation. Only a certain log file is affected. Un atacante remoto no autenticado puede realizar una inyección de registro debido a una validación de entrada incorrecta. Sólo un determinado archivo de registro se ve afectado. This vulnerability allows network-adjacent attackers to injection malicious content into log files on affected installations of Phoenix Contact CHARX SEC-3100 devices. • https://cert.vde.com/en/advisories/VDE-2024-011 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-25996 – PHOENIX CONTACT: Remote code execution due to an origin validation error in CHARX Series
https://notcve.org/view.php?id=CVE-2024-25996
An unauthenticated remote attacker can perform a remote code execution due to an origin validation error. The access is limited to the service user. Un atacante remoto no autenticado puede realizar una ejecución remota de código debido a un error de validación de origen. El acceso está limitado al usuario del servicio. This vulnerability allows network-adjacent attackers to bypass firewall rules and access another interface on affected installations of Phoenix Contact CHARX SEC-3100 devices. • https://cert.vde.com/en/advisories/VDE-2024-011 • CWE-346: Origin Validation Error •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-25995 – PHOENIX CONTACT: Remote code execution in CHARX Series
https://notcve.org/view.php?id=CVE-2024-25995
An unauthenticated remote attacker can modify configurations to perform a remote code execution due to a missing authentication for a critical function. Un atacante remoto no autenticado puede modificar las configuraciones para realizar una ejecución remota de código debido a una falta de autenticación para una función crítica. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CharxSystemConfigManager service, which listens on TCP port 5001 by default. The issue results from the lack of proper validation of a user-supplied string before using it to update a configuration. • https://cert.vde.com/en/advisories/VDE-2024-011 • CWE-306: Missing Authentication for Critical Function •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-25994 – PHOENIX CONTACT: Unintended script file upload in CHARX Series
https://notcve.org/view.php?id=CVE-2024-25994
An unauthenticated remote attacker can upload a arbitrary script file due to improper input validation. The upload destination is fixed and is write only. Un atacante remoto no autenticado puede cargar un archivo de script arbitrario debido a una validación de entrada incorrecta. El destino de carga es fijo y es de solo escritura. This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Phoenix Contact CHARX SEC-3100 devices. • https://cert.vde.com/en/advisories/VDE-2024-011 • CWE-20: Improper Input Validation •