CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-11497 – Phoenix Contact: CHARX-SEC3xxx Charge controllers vulnerable to privilege escalation
https://notcve.org/view.php?id=CVE-2024-11497
14 Jan 2025 — An authenticated attacker can use this vulnerability to perform a privilege escalation to gain root access. • https://cert.vde.com/en/advisories/VDE-2024-070 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 1CVE-2024-6788 – Phoenix Contact: update feature from CHARX controller can be used to reset a low privilege user password
https://notcve.org/view.php?id=CVE-2024-6788
13 Aug 2024 — A remote unauthenticated attacker can use the firmware update feature on the LAN interface of the device to reset the password for the predefined, low-privileged user “user-app” to the default password. • https://github.com/zetraxz/CVE-2024-6788 • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-28137 – PHOENIX CONTACT: privilege escalation due to a TOCTOU vulnerability in the CHARX Series
https://notcve.org/view.php?id=CVE-2024-28137
14 May 2024 — A local attacker with low privileges can perform a privilege escalation with an init script due to a TOCTOU vulnerability. Un atacante local con privilegios bajos puede realizar una escalada de privilegios con un script de inicio debido a una vulnerabilidad de TOCTOU. This vulnerability allows local attackers to escalate privileges on affected installations of Phoenix Contact CHARX SEC-3100 charging controllers. An attacker must first obtain the ability to execute low-privileged code on the target system in... • https://cert.vde.com/en/advisories/VDE-2024-019 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-28136 – PHOENIX CONTACT: command injection gains root privileges using the OCPP remote service
https://notcve.org/view.php?id=CVE-2024-28136
14 May 2024 — A local attacker with low privileges can use a command injection vulnerability to gain root privileges due to improper input validation using the OCPP Remote service. Un atacante local con privilegios bajos puede utilizar una vulnerabilidad de inyección de comandos para obtener privilegios de root debido a una validación de entrada incorrecta mediante el servicio remoto OCPP. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC... • https://cert.vde.com/en/advisories/VDE-2024-019 • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-28135 – PHOENIX CONTACT: command injection vulnerability in the API of the CHARX Series
https://notcve.org/view.php?id=CVE-2024-28135
14 May 2024 — A low privileged remote attacker can use a command injection vulnerability in the API which performs remote code execution as the user-app user due to improper input validation. The confidentiality is partly affected. Un atacante remoto con pocos privilegios puede utilizar una vulnerabilidad de inyección de comandos en la API que realiza la ejecución remota de código como usuario de la aplicación debido a una validación de entrada incorrecta. La confidencialidad se ve parcialmente afectada. This vulnerabili... • https://cert.vde.com/en/advisories/VDE-2024-019 • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-28134 – PHOENIX CONTACT: MitM attack gains privileges of the current logged in user in CHARX Series
https://notcve.org/view.php?id=CVE-2024-28134
14 May 2024 — An unauthenticated remote attacker can extract a session token with a MitM attack and gain web-based management access with the privileges of the currently logged in user due to cleartext transmission of sensitive information. No additional user interaction is required. The access is limited as only non-sensitive information can be obtained but the availability can be seriously affected. Un atacante remoto no autenticado puede extraer un token de sesión con un ataque MitM y obtener acceso de administración ... • https://cert.vde.com/en/advisories/VDE-2024-019 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-28133 – PHOENIX CONTACT: Privilege escalation in CHARX Series
https://notcve.org/view.php?id=CVE-2024-28133
14 May 2024 — A local low privileged attacker can use an untrusted search path in a CHARX system utility to gain root privileges. Un atacante local con pocos privilegios puede utilizar una ruta de búsqueda que no sea de confianza en una utilidad del sistema CHARX para obtener privilegios de root. This vulnerability allows local attackers to escalate privileges on affected installations of Phoenix Contact CHARX SEC-3100 devices. An attacker must first obtain the ability to execute low-privileged code on the target system ... • https://cert.vde.com/en/advisories/VDE-2024-019 • CWE-426: Untrusted Search Path •
CVSS: 8.7EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26288 – PHOENIX CONTACT: Lack of SSL support in CHARX Series
https://notcve.org/view.php?id=CVE-2024-26288
12 Mar 2024 — An unauthenticated remote attacker can influence the communication due to the lack of encryption of sensitive data via a MITM. Charging is not affected. Un atacante remoto no autenticado puede influir en la comunicación debido a la falta de cifrado de datos confidenciales a través de un MITM. La carga no se ve afectada. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3100 devices. • https://cert.vde.com/en/advisories/VDE-2024-011 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26005 – PHOENIX CONTACT: Privilege gain through incomplete cleanup in CHARX Series
https://notcve.org/view.php?id=CVE-2024-26005
12 Mar 2024 — An unauthenticated remote attacker can gain service level privileges through an incomplete cleanup during service restart after a DoS. Un atacante remoto no autenticado puede obtener privilegios de nivel de servicio mediante una limpieza incompleta durante el reinicio del servicio después de un DoS. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. T... • https://cert.vde.com/en/advisories/VDE-2024-011 • CWE-459: Incomplete Cleanup •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26004 – PHOENIX CONTACT: DoS of a control agent due to access of a uninitialized pointer in CHARX Series
https://notcve.org/view.php?id=CVE-2024-26004
12 Mar 2024 — An unauthenticated remote attacker can DoS a control agent due to access of a uninitialized pointer which may prevent or disrupt the charging functionality. Un atacante remoto no autenticado puede hacer DoS a un agente de control debido al acceso de un puntero no inicializado que puede impedir o interrumpir la funcionalidad de carga. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication... • https://cert.vde.com/en/advisories/VDE-2024-011 • CWE-824: Access of Uninitialized Pointer •