Lucene search
K

22 matches found

Zero Day Initiative
Zero Day Initiative
added 2025/07/21 12:0 a.m.7 views

(Pwn2Own) Phoenix Contact CHARX SEC-3100 Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the defaultroutemetric parameter to the...

7.5CVSS7.5AI score0.01404EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/11/27 12:0 a.m.5 views

The vulnerability of the binary file plctool of the microprogramming software for modular controllers of variable current charging stations and wall-mounted charging devices from Phoenix Contact, CHARX SEC-3100, allows a hacker to execute any code in the root context.

The vulnerability of the binary file of the microprogramming software for modular controllers of variable current charging stations and wall-mounted charging devices, the Phoenix Contact CHARX SEC-3100, exists due to insufficient verification of input data. Exploiting this vulnerability could all...

7.8CVSS7.6AI score0.00259EPSS
Exploits0References5Affected Software4
BDU FSTEC
BDU FSTEC
added 2024/11/15 12:0 a.m.5 views

The vulnerability of the OCPP software-based modular controller systems for variable current charging stations and wall-mounted charging devices from Phoenix Contact CHARX SEC-3100 allows a perpetrator to gain unauthorized access and execute arbitrary codes.

The vulnerability of the OCPP microprogramming software for modular charge controllers for AC charging stations and wall-mounted charging devices from Phoenix Contact, CHARX SEC-3100, exists due to insufficient verification of input data. Exploiting this vulnerability can allow attackers to enhan...

8.4CVSS7.9AI score0.00408EPSS
Exploits0References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/11/15 12:0 a.m.6 views

The vulnerability of the OCPP microprogramming software for modular control devices for DC charging stations and wall-mounted charging devices from Phoenix Contact CHARX SEC-3100 allows a intruder to execute arbitrary commands.

The vulnerability of the OCPP microprogramming software for modular control devices for DC charging stations and wall-mounted charging devices from Phoenix Contact’s CHARX SEC-3100 exists due to insufficient verification of input data. Exploiting this vulnerability could allow a malicious actor t...

7.5CVSS7.5AI score0.0147EPSS
Exploits0References5Affected Software1
Zero Day Initiative
Zero Day Initiative
added 2024/08/20 12:0 a.m.21 views

Phoenix Contact CHARX SEC-3100 Improper Access Control Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firewall. The issue results from incorrect ordering...

5CVSS7.1AI score0.00507EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2024/06/21 12:0 a.m.21 views

(Pwn2Own) Phoenix Contact CHARX SEC-3100 OCPP Protocol Improper Log Output Neutralization Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to injection malicious content into log files on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of logging. The...

3.1CVSS7.2AI score0.00686EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2024/06/21 12:0 a.m.23 views

(Pwn2Own) Phoenix Contact CHARX SEC-3100 OCPP Protocol Missing Encryption Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the OCPP protocol. The issue...

6.3CVSS7AI score0.00309EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2024/06/21 12:0 a.m.21 views

(Pwn2Own) Phoenix Contact CHARX SEC-3100 ClientSession Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of ClientSession objects in the...

8.8CVSS7.3AI score0.00621EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2024/06/21 12:0 a.m.23 views

(Pwn2Own) Phoenix Contact CHARX SEC-3100 plctool Improper Privilege Management Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Phoenix Contact CHARX SEC-3100 devices. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists with...

7.8CVSS7.2AI score0.00259EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2024/06/21 12:0 a.m.12 views

Phoenix Contact CHARX SEC-3100 charx_pack_logs Improper Input Validation Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Phoenix Contact CHARX SEC-3100 charging controllers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...

7.8CVSS7.2AI score0.00408EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2024/06/21 12:0 a.m.19 views

(Pwn2Own) Phoenix Contact CHARX SEC-3100 Config Manager Improper Input Validation Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CharxSystemConfigManager service, which listens on...

7.5CVSS7.3AI score0.01404EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2024/06/21 12:0 a.m.17 views

(Pwn2Own) Phoenix Contact CHARX SEC-3100 CANopenDevice Null Pointer Dereference Denial-of-Service Vulnerability

This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of CANopenDevice objects. Th...

6.5CVSS6.5AI score0.01EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2024/06/21 12:0 a.m.15 views

(Pwn2Own) Phoenix Contact CHARX SEC-3100 CharxUpdateAgent Unrestricted File Upload Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CharxUpdateAgent service, which listens on TCP port...

5.3CVSS7.1AI score0.00728EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2024/06/21 12:0 a.m.23 views

(Pwn2Own) Phoenix Contact CHARX SEC-3100 HomePlug Protocol Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the HomePlug Green PHY Protocol...

4.3CVSS6.3AI score0.01161EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2024/06/21 12:0 a.m.18 views

(Pwn2Own) Phoenix Contact CHARX SEC-3100 OCPP Protocol UpdateFirmware Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the location parameter of the...

7.5CVSS7.2AI score0.0147EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2024/05/29 12:0 a.m.25 views

(Pwn2Own) Phoenix Contact CHARX SEC-3100 Untrusted Search Path Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Phoenix Contact CHARX SEC-3100 devices. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists with...

7.8CVSS7.5AI score0.0038EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2024/05/29 12:0 a.m.18 views

Phoenix Contact CHARX SEC-3100 Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Phoenix Contact CHARX SEC-3100 charging controllers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...

7.8CVSS7.5AI score0.00252EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2024/05/29 12:0 a.m.23 views

(Pwn2Own) Phoenix Contact CHARX SEC-3100 Missing Encryption Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of nginx. The issue results from a lac...

7.5CVSS7.5AI score0.00492EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/05/14 12:0 a.m.3 views

PT-2024-22287 · Phoenix Contact · Charx Sec-3100

Name of the Vulnerable Software and Affected Versions: Phoenix Contact CHARX SEC-3100 affected versions not specified Description: A local attacker with low privileges can perform a privilege escalation with an init script due to a Time-of-Check-to-Time-of-Use TOCTOU vulnerability. Recommendation...

7.8CVSS7AI score0.00252EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/03/12 12:0 a.m.5 views

PT-2024-21270 · Phoenix Contact · Charx Sec-3100 Charxupdateagent

Name of the Vulnerable Software and Affected Versions: Phoenix Contact CHARX SEC-3100 CharxUpdateAgent affected versions not specified Description: An unauthenticated remote attacker can upload an arbitrary script file due to improper input validation. The upload destination is fixed and is write...

5.3CVSS9.6AI score0.00728EPSS
Exploits0References6
Rows per page
Query Builder