CVE-2024-11497 Phoenix Contact: CHARX-SEC3xxx Charge controllers vulnerable to privilege escalation

🗓️ 14 Jan 2025 13:55:57Reported by CERTVDEType

Authenticated attacker can escalate privileges in Phoenix Contact CHARX-SEC3xxx charge controllers.

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2024-11497	14 Jan 202513:57	–	circl
CNNVD	PHOENIX CONTACT多款产品安全漏洞	14 Jan 202500:00	–	cnnvd
CVE	CVE-2024-11497	14 Jan 202513:55	–	cve
EUVD	EUVD-2024-34375	3 Oct 202520:07	–	euvd
NVD	CVE-2024-11497	14 Jan 202514:15	–	nvd
Positive Technologies	PT-2025-1663 · Phoenix Contact · Charx Sec-3000 +3	14 Jan 202500:00	–	ptsecurity
RedhatCVE	CVE-2024-11497	5 Feb 202501:38	–	redhatcve
Vulnrichment	CVE-2024-11497 Phoenix Contact: CHARX-SEC3xxx Charge controllers vulnerable to privilege escalation	14 Jan 202513:55	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "CHARX SEC-3000",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThan": "1.7.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CHARX SEC-3050",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThan": "1.7.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CHARX SEC-3100",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThan": "1.7.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CHARX SEC-3150",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThan": "1.7.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
cert	www.cert.vde.com/en/advisories/VDE-2024-070

14 Jan 2025 13:55Current

CVSS 3.18.8

EPSS0.0037

CWE-732