An unauthenticated remote attacker can modify configurations to perform a remote code execution, gain root rights or perform an DoS due to improper input validation.
The vulnerability results from improper input validation (CWE-20) in the software of CHARX SEC series devices. An attacker without any credentials can send crafted network requests that modify the device configuration. The lack of proper data validation allows injection of malicious instructions that are then executed with elevated system privileges.
An attacker can gain full control over the device by executing arbitrary code with root privileges, modify its configuration, or completely disable its operation through a DoS attack, which in the EV charging infrastructure environment can have serious operational consequences.
Apply patches available from the manufacturer in accordance with the references. Detailed information about vulnerability-fixing versions is available in the CERT VDE advisory at https://cert.vde.com/en/advisories/VDE-2024-011. Until updates are deployed, it is recommended to isolate devices from public networks and restrict network access using a firewall.
Phoenix Contact CHARX SEC-3000 (firmware), Phoenix Contact CHARX SEC-3050 (firmware), Phoenix Contact CHARX SEC-3100 (firmware) — specific versions indicated in manufacturer references (VDE-2024-011)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HPhoenixcontact Charx Sec 3000
HWPhoenixcontactwszystkie wersjePhoenixcontact Charx Sec 3000 Firmware
OSPhoenixcontact< 1.5.1Phoenixcontact Charx Sec 3050
HWPhoenixcontactwszystkie wersjePhoenixcontact Charx Sec 3050 Firmware
OSPhoenixcontact< 1.5.1Phoenixcontact Charx Sec 3100
HWPhoenixcontactwszystkie wersjePhoenixcontact Charx Sec 3100 Firmware
OSPhoenixcontact< 1.5.1Phoenixcontact Charx Sec 3150
HWPhoenixcontactwszystkie wersjePhoenixcontact Charx Sec 3150 Firmware
OSPhoenixcontact< 1.5.1
Related vulnerabilities
RCE jako root w sterownikach ładowania Phoenix Contact CHARX SEC-3x00
A low privileged local attacker can leverage insecure permissions via SSH on the affected devices to escalate ...
A local attacker with a local user account can leverage a vulnerable script via SSH to escalate privileges to ...
An unauthenticated remote attacker can use MQTT messages to trigger out-of-bounds writes in charging stations ...
An unauthenticated adjacent attacker can modify configuration by sending specific requests to an API-endpoint ...