CVE-2024-3913
Phoenix Contact: Start sequence allows attack during the boot process
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
An unauthenticated remote attacker can use this vulnerability to change the device configuration due to a file writeable for short time after system startup.
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the firewall. The issue results from incorrect ordering and synchronization of services during startup. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root.
*Credits:
Alex Olson, "gadha", Trend Micro's Zero Day Initiative
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-04-17 CVE Reserved
- 2024-08-13 CVE Published
- 2024-08-20 CVE Updated
- 2024-09-14 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-552: Files or Directories Accessible to External Parties
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://cert.vde.com/en/advisories/VDE-2024-022 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Phoenix Contact Search vendor "Phoenix Contact" | CHARX SEC-3000 (1139022) Search vendor "Phoenix Contact" for product "CHARX SEC-3000 (1139022)" | >= 0.0.0 < 1.7.0 Search vendor "Phoenix Contact" for product "CHARX SEC-3000 (1139022)" and version " >= 0.0.0 < 1.7.0" | en |
Affected
| ||||||
| Phoenix Contact Search vendor "Phoenix Contact" | CHARX SEC-3050 (1139018) Search vendor "Phoenix Contact" for product "CHARX SEC-3050 (1139018)" | >= 0.0.0 < 1.7.0 Search vendor "Phoenix Contact" for product "CHARX SEC-3050 (1139018)" and version " >= 0.0.0 < 1.7.0" | en |
Affected
| ||||||
| Phoenix Contact Search vendor "Phoenix Contact" | CHARX SEC-3100 (1139012) Search vendor "Phoenix Contact" for product "CHARX SEC-3100 (1139012)" | >= 0.0.0 < 1.7.0 Search vendor "Phoenix Contact" for product "CHARX SEC-3100 (1139012)" and version " >= 0.0.0 < 1.7.0" | en |
Affected
| ||||||
| Phoenix Contact Search vendor "Phoenix Contact" | CHARX SEC-3150 (1139012) Search vendor "Phoenix Contact" for product "CHARX SEC-3150 (1139012)" | >= 0.0.0 < 1.7.0 Search vendor "Phoenix Contact" for product "CHARX SEC-3150 (1139012)" and version " >= 0.0.0 < 1.7.0" | en |
Affected
| ||||||