CVE-2024-28135

🗓️ 14 May 2024 08:09:39Reported by CERTVDEType

A low privileged remote attacker could perform remote code execution via command injection vulnerability in API, affecting confidentiality

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2024-28135	24 Jan 202507:04	–	circl
CNNVD	PHOENIX CONTACT CHARX SEC 命令注入漏洞	14 May 202400:00	–	cnnvd
Cvelist	CVE-2024-28135 PHOENIX CONTACT: command injection vulnerability in the API of the CHARX Series	14 May 202408:09	–	cvelist
EUVD	EUVD-2024-25282	3 Oct 202520:07	–	euvd
NVD	CVE-2024-28135	14 May 202416:16	–	nvd
Positive Technologies	PT-2024-22285 · Phoenix Contact · Charx Sec-3100	14 May 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-28135	23 May 202508:43	–	redhatcve
Vulnrichment	CVE-2024-28135 PHOENIX CONTACT: command injection vulnerability in the API of the CHARX Series	14 May 202408:09	–	vulnrichment
Zero Day Initiative	(Pwn2Own) Phoenix Contact CHARX SEC-3100 Filename Command Injection Remote Code Execution Vulnerability	29 May 202400:00	–	zdi

NVD

Vulners

Vulnrichment

Node

phoenixcontact charx_sec-3000_firmwareRange≤1.5.1

AND

phoenixcontact charx_sec-3000Match-

Node

phoenixcontact charx_sec-3050_firmwareRange≤1.5.1

AND

phoenixcontact charx_sec-3050Match-

Node

phoenixcontact charx_sec-3100_firmwareRange≤1.5.1

AND

phoenixcontact charx_sec-3100Match-

Node

phoenixcontact charx_sec-3150_firmwareRange≤1.5.1

AND

phoenixcontact charx_sec-3150Match-

[
  {
    "defaultStatus": "unaffected",
    "product": "CHARX SEC-3000",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "1.5.1",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CHARX SEC-3050",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "1.5.1",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CHARX SEC-3100",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "1.5.1",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CHARX SEC-3150",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "1.5.1",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
cert	www.cert.vde.com/en/advisories/VDE-2024-019

24 Jan 2025 07:15Current

5.7Medium risk

Vulners AI Score5.7

CVSS 3.15

EPSS0.00985

SSVC

CWE-77