CVE-2024-28136 PHOENIX CONTACT: command injection gains root privileges using the OCPP remote service

🗓️ 14 May 2024 08:09:52Reported by CERTVDEType

Command injection vulnerability in PHOENIX CONTACT OCPP remote service

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2024-28136	24 Jan 202507:04	–	circl
CNNVD	PHOENIX CONTACT CHARX SEC 命令注入漏洞	14 May 202400:00	–	cnnvd
CVE	CVE-2024-28136	14 May 202408:09	–	cve
EUVD	EUVD-2024-25283	3 Oct 202520:07	–	euvd
NVD	CVE-2024-28136	14 May 202416:16	–	nvd
Positive Technologies	PT-2024-22286 · Phoenix Contact · Charx Sec-3100	14 May 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-28136	5 Feb 202500:58	–	redhatcve
Vulnrichment	CVE-2024-28136 PHOENIX CONTACT: command injection gains root privileges using the OCPP remote service	14 May 202408:09	–	vulnrichment
Zero Day Initiative	(Pwn2Own) Phoenix Contact CHARX SEC-3100 OCPP charx_pack_logs Command Injection Remote Code Execution Vulnerability	29 May 202400:00	–	zdi

[
  {
    "defaultStatus": "unaffected",
    "product": "CHARX SEC-3000",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "1.5.1",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CHARX SEC-3050",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "1.5.1",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CHARX SEC-3100",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "1.5.1",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CHARX SEC-3150",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "1.5.1",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
cert	www.cert.vde.com/en/advisories/VDE-2024-019

24 Jan 2025 06:33Current

8.1High risk

Vulners AI Score8.1

CVSS 3.17.8

EPSS0.00268

CWE-77