CVE-2024-25995

🗓️ 12 Mar 2024 08:10:58Reported by CERTVDEType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 78 Views

An unauthenticated remote attacker can modify configurations to perform a remote code execution due to a missing authentication for a critical function

Reporter	Title	Published	Views	Family All 14
Circl	CVE-2024-25995	12 Mar 202410:26	–	circl
CNNVD	PHOENIX CONTACT CHARX SEC-3000 Input Validation Error Vulnerability	12 Mar 202400:00	–	cnnvd
Cvelist	CVE-2024-25995 PHOENIX CONTACT: Remote code execution in CHARX Series	12 Mar 202408:10	–	cvelist
EUVD	EUVD-2024-23291	3 Oct 202520:07	–	euvd
NVD	CVE-2024-25995	12 Mar 202409:15	–	nvd
OSV	CVE-2024-25995	12 Mar 202409:15	–	osv
Prion	Remote code execution	12 Mar 202409:15	–	prion
Positive Technologies	PT-2024-8065 · Phoenix Contact · Phoenix Contact Charx Sec-3100	2 Feb 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-25995	5 Feb 202513:04	–	redhatcve
The Hacker News	⚡ Weekly Recap: Chrome 0-Day, IngressNightmare, Solar Bugs, DNS Tactics, and More	31 Mar 202511:25	–	thn

NVD

Vulners

Vulnrichment

Node

phoenixcontact charx_sec-3000_firmwareRange<1.5.1

AND

phoenixcontact charx_sec-3000Match-

Node

phoenixcontact charx_sec-3050_firmwareRange<1.5.1

AND

phoenixcontact charx_sec-3050Match-

Node

phoenixcontact charx_sec-3100_firmwareRange<1.5.1

AND

phoenixcontact charx_sec-3100Match-

Node

phoenixcontact charx_sec-3150_firmwareRange<1.5.1

AND

phoenixcontact charx_sec-3150Match-

[
  {
    "defaultStatus": "unaffected",
    "product": "CHARX SEC-3000",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "1.5.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CHARX SEC-3050",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "1.5.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CHARX SEC-3100",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "1.5.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CHARX SEC-3150",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "1.5.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
cert	www.cert.vde.com/en/advisories/VDE-2024-011
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-24-856/

30 Jan 2025 11:15Current

9.9High risk

Vulners AI Score9.9

CVSS 3.19.8

EPSS0.02369

SSVC

CWE-20