
CVSS: 7.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

An unauthenticated remote attacker can perform a command injection in the OCPP Service with limited privileges due to improper input validation. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the location parameter of the UpdateFirmwareRequest command. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. • https://cert.vde.com/en/advisories/VDE-2024-011 • CWE-20: Improper Input Validation

CVSS: 5.3 • EPSS: 0% • CPEs: 4 • EXPL: 0

An unauthenticated remote attacker can perform a log injection due to improper input validation. Only a certain log file is affected. This vulnerability allows network-adjacent attackers to inject malicious content into log files on affected installations of Phoenix Contact CHARX SEC-3100 devices. • https://cert.vde.com/en/advisories/VDE-2024-011 • CWE-20: Improper Input Validation

CVSS: 5.3 • EPSS: 0% • CPEs: 4 • EXPL: 0

An unauthenticated remote attacker can perform remote code execution due to an origin validation error. The access is limited to the service user. This vulnerability allows network-adjacent attackers to bypass firewall rules and access another interface on affected installations of Phoenix Contact CHARX SEC-3100 devices. • https://cert.vde.com/en/advisories/VDE-2024-011 • CWE-346: Origin Validation Error

CVSS: 9.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

An unauthenticated remote attacker can modify configurations to perform remote code execution due to missing authentication for a critical function. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CharxSystemConfigManager service, which listens on TCP port 5001 by default. The issue results from the lack of proper validation of a user-supplied string before using it to update a configuration. • https://cert.vde.com/en/advisories/VDE-2024-011 • CWE-306: Missing Authentication for Critical Function

CVSS: 5.3 • EPSS: 0% • CPEs: 4 • EXPL: 0

An unauthenticated remote attacker can upload an arbitrary script file due to improper input validation. The upload destination is fixed and is write-only. This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Phoenix Contact CHARX SEC-3100 devices. • https://cert.vde.com/en/advisories/VDE-2024-011 • CWE-20: Improper Input Validation