CVE-2024-28137

🗓️ 14 May 2024 08:10:06Reported by CERTVDEType

Privilege escalation via TOCTOU vulnerability in init script

Reporter	Title	Published	Views	Family All 8
CNNVD	PHOENIX CONTACT CHARX SEC-3000 安全漏洞	14 May 202400:00	–	cnnvd
Cvelist	CVE-2024-28137 PHOENIX CONTACT: privilege escalation due to a TOCTOU vulnerability in the CHARX Series	14 May 202408:10	–	cvelist
EUVD	EUVD-2024-25284	3 Oct 202520:07	–	euvd
NVD	CVE-2024-28137	14 May 202416:16	–	nvd
Positive Technologies	PT-2024-22287 · Phoenix Contact · Charx Sec-3100	14 May 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-28137	5 Feb 202501:05	–	redhatcve
Vulnrichment	CVE-2024-28137 PHOENIX CONTACT: privilege escalation due to a TOCTOU vulnerability in the CHARX Series	14 May 202408:10	–	vulnrichment
Zero Day Initiative	Phoenix Contact CHARX SEC-3100 Link Following Local Privilege Escalation Vulnerability	29 May 202400:00	–	zdi

NVD

Vulners

Vulnrichment

Node

phoenixcontact charx_sec-3000_firmwareRange≤1.5.1

AND

phoenixcontact charx_sec-3000Match-

Node

phoenixcontact charx_sec-3050_firmwareRange≤1.5.1

AND

phoenixcontact charx_sec-3050Match-

Node

phoenixcontact charx_sec-3100_firmwareRange≤1.5.1

AND

phoenixcontact charx_sec-3100Match-

Node

phoenixcontact charx_sec-3150_firmwareRange≤1.5.1

AND

phoenixcontact charx_sec-3150Match-

[
  {
    "defaultStatus": "unaffected",
    "product": "CHARX SEC-3000",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "1.5.1",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CHARX SEC-3050",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "1.5.1",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CHARX SEC-3100",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "1.5.1",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CHARX SEC-3150",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "1.5.1",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
cert	www.cert.vde.com/en/advisories/VDE-2024-019

23 Jan 2025 18:55Current

7.6High risk

Vulners AI Score7.6

CVSS 3.17.8

EPSS0.00067

SSVC

CWE-367