5 matches found
CVE-2024-28136
A local attacker with low privileges can use a command injection vulnerability to gain root privileges due to improper input validation using the OCPP Remote service...
CVE-2024-28136
A local attacker with low privileges can use a command injection vulnerability to gain root privileges due to improper input validation using the OCPP Remote service...
CVE-2024-28136 PHOENIX CONTACT: command injection gains root privileges using the OCPP remote service
A local attacker with low privileges can use a command injection vulnerability to gain root privileges due to improper input validation using the OCPP Remote service...
CVE-2024-28136 PHOENIX CONTACT: command injection gains root privileges using the OCPP remote service
A local attacker with low privileges can use a command injection vulnerability to gain root privileges due to improper input validation using the OCPP Remote service...
CVE-2024-28136
CVE-2024-28136 describes a command-injection on PHOENIX CONTACT CHARX SEC devices via the OCPP Remote service. Multiple connected sources (ZDI, NVD, CVE listings) indicate the flaw resides in input validation when processing Charger ID/remote commands (e.g., Get Diagnostics), enabling a low-privi...