Lucene search
CERTVDECVELIST:CVE-2024-25998HistoryMar 12, 2024 - 8:11 a.m.
CVE-2024-25998 PHOENIX CONTACT: Command injection in the OCPP Service
2024-03-1208:11:31
CWE-20
CERTVDE
www.cve.org
unauthenticated
remote attacker
input validation
phoenix contact
limited privileges
7.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
0.001 Low
EPSS
Percentile
29.7%
An unauthenticated remote attacker can perform a command injectionย in the OCPPย Service with limited privileges due to improper input validation.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "CHARX SEC-3000",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "1.5.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CHARX SEC-3050",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "1.5.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CHARX SEC-3100",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "1.5.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CHARX SEC-3150",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "1.5.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
]References
Related
nvd
nvd
CVE-2024-25998
2024-03-12 09:15:08
cve
cve
CVE-2024-25998
2024-03-12 09:15:08
prion
prion
Command injection
2024-03-12 09:15:00
7.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
0.001 Low
EPSS
Percentile
29.7%
Related for CVELIST:CVE-2024-25998