CVE-2024-28134

🗓️ 14 May 2024 08:09:24Reported by CERTVDEType

Unauthenticated remote attacker can extract session token, gain web-based management access with the privileges of logged in user due to cleartext transmission of sensitive information, affecting availability

Reporter	Title	Published	Views	Family All 8
CNNVD	PHOENIX CONTACT CHARX SEC-3000 安全漏洞	14 May 202400:00	–	cnnvd
Cvelist	CVE-2024-28134 PHOENIX CONTACT: MitM attack gains privileges of the current logged in user in CHARX Series	14 May 202408:09	–	cvelist
EUVD	EUVD-2024-25281	3 Oct 202520:07	–	euvd
NVD	CVE-2024-28134	14 May 202416:16	–	nvd
Positive Technologies	PT-2024-22284 · Phoenix Contact · Phoenix Contact Charx Sec-3100	14 May 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-28134	5 Feb 202501:00	–	redhatcve
Vulnrichment	CVE-2024-28134 PHOENIX CONTACT: MitM attack gains privileges of the current logged in user in CHARX Series	14 May 202408:09	–	vulnrichment
Zero Day Initiative	(Pwn2Own) Phoenix Contact CHARX SEC-3100 Missing Encryption Authentication Bypass Vulnerability	29 May 202400:00	–	zdi

NVD

Vulners

Vulnrichment

Node

phoenixcontact charx_sec-3000_firmwareRange≤1.5.1

AND

phoenixcontact charx_sec-3000Match-

Node

phoenixcontact charx_sec-3050_firmwareRange≤1.5.1

AND

phoenixcontact charx_sec-3050Match-

Node

phoenixcontact charx_sec-3100_firmwareRange≤1.5.1

AND

phoenixcontact charx_sec-3100Match-

Node

phoenixcontact charx_sec-3150_firmwareRange≤1.5.1

AND

phoenixcontact charx_sec-3150Match-

[
  {
    "defaultStatus": "unaffected",
    "product": "CHARX SEC-3000",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "1.5.1",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CHARX SEC-3050",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "1.5.1",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CHARX SEC-3100",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "1.5.1",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CHARX SEC-3150",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "1.5.1",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
cert	www.cert.vde.com/en/advisories/VDE-2024-019

23 Jan 2025 18:53Current

6.7Medium risk

Vulners AI Score6.7

CVSS 3.17

EPSS0.00322

SSVC

CWE-319