CVE-2024-28137 – PHOENIX CONTACT: privilege escalation due to a TOCTOU vulnerability in the CHARX Series
https://notcve.org/view.php?id=CVE-2024-28137
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the /etc/init.d/user-applications script. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://cert.vde.com/en/advisories/VDE-2024-019 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2024-28136 – PHOENIX CONTACT: command injection gains root privileges using the OCPP remote service
https://notcve.org/view.php?id=CVE-2024-28136
A local attacker with low privileges can use a command injection vulnerability to gain root privileges due to improper input validation using the OCPP Remote service. ... This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3100 devices. ... The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. • https://cert.vde.com/en/advisories/VDE-2024-019 • CWE-20: Improper Input Validation
CVE-2024-28135 – PHOENIX CONTACT: command injection vulnerability in the API of the CHARX Series
https://notcve.org/view.php?id=CVE-2024-28135
A low privileged remote attacker can use a command injection vulnerability in the API which performs remote code execution as the user-app user due to improper input validation. ... This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3100 devices. ... The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the user-app account. • https://cert.vde.com/en/advisories/VDE-2024-019 • CWE-20: Improper Input Validation
CVE-2024-28134 – PHOENIX CONTACT: MitM attack gains privileges of the current logged in user in CHARX Series
https://notcve.org/view.php?id=CVE-2024-28134
An unauthenticated remote attacker can extract a session token with a MitM attack and gain web-based management access with the privileges of the currently logged in user due to cleartext transmission of sensitive information. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the user-app account. • https://cert.vde.com/en/advisories/VDE-2024-019 • CWE-319: Cleartext Transmission of Sensitive Information
CVE-2024-28133 – PHOENIX CONTACT: Privilege escalation in CHARX Series
https://notcve.org/view.php?id=CVE-2024-28133
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the charx_set_timezone binary. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://cert.vde.com/en/advisories/VDE-2024-019 • CWE-426: Untrusted Search Path