22 matches found
(Pwn2Own) Phoenix Contact CHARX SEC-3100 Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the defaultroutemetric parameter to the...
The vulnerability of the binary file plctool of the microprogramming software for modular controllers of variable current charging stations and wall-mounted charging devices from Phoenix Contact, CHARX SEC-3100, allows a hacker to execute any code in the root context.
The vulnerability of the binary file of the microprogramming software for modular controllers of variable current charging stations and wall-mounted charging devices, the Phoenix Contact CHARX SEC-3100, exists due to insufficient verification of input data. Exploiting this vulnerability could all...
The vulnerability of the OCPP software-based modular controller systems for variable current charging stations and wall-mounted charging devices from Phoenix Contact CHARX SEC-3100 allows a perpetrator to gain unauthorized access and execute arbitrary codes.
The vulnerability of the OCPP microprogramming software for modular charge controllers for AC charging stations and wall-mounted charging devices from Phoenix Contact, CHARX SEC-3100, exists due to insufficient verification of input data. Exploiting this vulnerability can allow attackers to enhan...
The vulnerability of the OCPP microprogramming software for modular control devices for DC charging stations and wall-mounted charging devices from Phoenix Contact CHARX SEC-3100 allows a intruder to execute arbitrary commands.
The vulnerability of the OCPP microprogramming software for modular control devices for DC charging stations and wall-mounted charging devices from Phoenix Contact’s CHARX SEC-3100 exists due to insufficient verification of input data. Exploiting this vulnerability could allow a malicious actor t...
Phoenix Contact CHARX SEC-3100 Improper Access Control Authentication Bypass Vulnerability
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firewall. The issue results from incorrect ordering...
(Pwn2Own) Phoenix Contact CHARX SEC-3100 OCPP Protocol Improper Log Output Neutralization Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to injection malicious content into log files on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of logging. The...
(Pwn2Own) Phoenix Contact CHARX SEC-3100 OCPP Protocol Missing Encryption Authentication Bypass Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the OCPP protocol. The issue...
(Pwn2Own) Phoenix Contact CHARX SEC-3100 ClientSession Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of ClientSession objects in the...
(Pwn2Own) Phoenix Contact CHARX SEC-3100 plctool Improper Privilege Management Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Phoenix Contact CHARX SEC-3100 devices. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists with...
Phoenix Contact CHARX SEC-3100 charx_pack_logs Improper Input Validation Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Phoenix Contact CHARX SEC-3100 charging controllers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...
(Pwn2Own) Phoenix Contact CHARX SEC-3100 Config Manager Improper Input Validation Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CharxSystemConfigManager service, which listens on...
(Pwn2Own) Phoenix Contact CHARX SEC-3100 CANopenDevice Null Pointer Dereference Denial-of-Service Vulnerability
This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of CANopenDevice objects. Th...
(Pwn2Own) Phoenix Contact CHARX SEC-3100 CharxUpdateAgent Unrestricted File Upload Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CharxUpdateAgent service, which listens on TCP port...
(Pwn2Own) Phoenix Contact CHARX SEC-3100 HomePlug Protocol Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the HomePlug Green PHY Protocol...
(Pwn2Own) Phoenix Contact CHARX SEC-3100 OCPP Protocol UpdateFirmware Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the location parameter of the...
(Pwn2Own) Phoenix Contact CHARX SEC-3100 Untrusted Search Path Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Phoenix Contact CHARX SEC-3100 devices. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists with...
Phoenix Contact CHARX SEC-3100 Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Phoenix Contact CHARX SEC-3100 charging controllers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...
(Pwn2Own) Phoenix Contact CHARX SEC-3100 Missing Encryption Authentication Bypass Vulnerability
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of nginx. The issue results from a lac...
PT-2024-22287 · Phoenix Contact · Charx Sec-3100
Name of the Vulnerable Software and Affected Versions: Phoenix Contact CHARX SEC-3100 affected versions not specified Description: A local attacker with low privileges can perform a privilege escalation with an init script due to a Time-of-Check-to-Time-of-Use TOCTOU vulnerability. Recommendation...
PT-2024-21270 · Phoenix Contact · Charx Sec-3100 Charxupdateagent
Name of the Vulnerable Software and Affected Versions: Phoenix Contact CHARX SEC-3100 CharxUpdateAgent affected versions not specified Description: An unauthenticated remote attacker can upload an arbitrary script file due to improper input validation. The upload destination is fixed and is write...