CVE-2024-25994

🗓️ 12 Mar 2024 08:10:46Reported by CERTVDEType

An unauthenticated remote attacker can upload arbitrary script file due to improper input validation. The upload destination is fixed and write only

Reporter	Title	Published	Views	Family All 13
Circl	CVE-2024-25994	12 Mar 202410:26	–	circl
CNNVD	PHOENIX CONTACT CHARX SEC Input Validation Error Vulnerability	12 Mar 202400:00	–	cnnvd
Cvelist	CVE-2024-25994 PHOENIX CONTACT: Unintended script file upload in CHARX Series	12 Mar 202408:10	–	cvelist
EUVD	EUVD-2024-23290	3 Oct 202520:07	–	euvd
NVD	CVE-2024-25994	12 Mar 202409:15	–	nvd
OSV	CVE-2024-25994	12 Mar 202409:15	–	osv
Prion	Input validation	12 Mar 202409:15	–	prion
Positive Technologies	PT-2024-21270 · Phoenix Contact · Charx Sec-3100 Charxupdateagent	12 Mar 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-25994	23 May 202509:55	–	redhatcve
The Hacker News	⚡ Weekly Recap: Chrome 0-Day, IngressNightmare, Solar Bugs, DNS Tactics, and More	31 Mar 202511:25	–	thn

NVD

Vulners

Vulnrichment

Node

phoenixcontact charx_sec-3000_firmwareRange<1.5.1

AND

phoenixcontact charx_sec-3000Match-

Node

phoenixcontact charx_sec-3050_firmwareRange<1.5.1

AND

phoenixcontact charx_sec-3050Match-

Node

phoenixcontact charx_sec-3100_firmwareRange<1.5.1

AND

phoenixcontact charx_sec-3100Match-

Node

phoenixcontact charx_sec-3150_firmwareRange<1.5.1

AND

phoenixcontact charx_sec-3150Match-

[
  {
    "defaultStatus": "unaffected",
    "product": "CHARX SEC-3000",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "1.5.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CHARX SEC-3050",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "1.5.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CHARX SEC-3100",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "1.5.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CHARX SEC-3150",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "1.5.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
cert	www.cert.vde.com/en/advisories/VDE-2024-011

24 Jan 2025 07:15Current

5.4Medium risk

Vulners AI Score5.4

CVSS 3.15.3

EPSS0.00145

SSVC

CWE-434