CVE-2026-41032 Phoenix Contact: Unauthenticated log download vulnerability in the firmware of CHARX SEC-3xxx charging controllers

It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information...

CVE-2026-41032 Phoenix Contact: Unauthenticated log download vulnerability in the firmware of CHARX SEC-3xxx charging controllers

It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information...

CVE-2025-41699

Phoenix Contact CHARX SEC-3xxx charging controllers are affected by CVE-2025-41699. The vulnerability is a code injection (CWE-94) that an attacker with a low-privileged remote account for the Web-based management can exploit to change system configuration and perform a root command injection, co...

CVE-2025-41699 Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers

An low privileged remote attacker with an account for the Web-based management can change the system configuration to perform a command injection as root, resulting in a total loss of confidentiality, availability and integrity due to improper control of generation of code 'Code Injection'...

Phoenix Contact CHARX SEC-3150 代码注入漏洞

The Phoenix Contact CHARX SEC-3150 is an AC charge controller from Phoenix Contact, Germany. The Phoenix Contact CHARX SEC-3150 suffers from a code injection vulnerability that originates from a low-privileged remote attacker who can perform command injection by changing the system configuration...

(Pwn2Own) Phoenix Contact CHARX SEC-3150 OCPP Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Phoenix Contact CHARX SEC-3150 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the OCPP service. The issue result...

(Pwn2Own) Phoenix Contact CHARX SEC-3150 Origin Validation Error Firewall Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass firewall rules and access another interface on affected installations of Phoenix Contact CHARX SEC-3150 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of firewa...

(Pwn2Own) Phoenix Contact CHARX SEC-3150 Configuration Service Missing Authentication Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Phoenix Contact CHARX SEC-3150 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration service, which listens on TCP port 500...

(Pwn2Own) Phoenix Contact CHARX SEC-3100 Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the defaultroutemetric parameter to the...

PHOENIX CONTACT CHARX SEC-3xxx 安全漏洞

PHOENIX CONTACT CHARX SEC-3000 etc. are products of PHOENIX CONTACT, Germany.PHOENIX CONTACT CHARX SEC-3000 is an AC charge controller.PHOENIX CONTACT CHARX SEC-3050 is an AC charge controller.PHOENIX CONTACT CHARX SEC-3100 is an AC charge controller. PHOENIX CONTACT CHARX SEC-3100 is an AC charg...

PHOENIX CONTACT CHARX SEC 安全漏洞

PHOENIX CONTACT CHARX SEC is a series of AC charging controllers from PHOENIX CONTACT, Germany. A security vulnerability exists in the PHOENIX CONTACT CHARX SEC that originates from an unauthenticated neighboring attacker being able to configure a new OCPP backend due to the configuration interfa...

Phoenix Contact CHARX SEC 输入验证错误漏洞

The PHOENIX CONTACT CHARX SEC is a series of AC charge controllers from PHOENIX CONTACT, Germany. The Phoenix Contact CHARX SEC suffers from an input validation error vulnerability that originates from the fact that an unauthenticated, remote attacker could use MQTT messages to crash the charging...

PHOENIX CONTACT CHARX SEC-3xxx 安全漏洞

PHOENIX CONTACT CHARX SEC-3000 etc. are products of PHOENIX CONTACT, Germany.PHOENIX CONTACT CHARX SEC-3000 is an AC charge controller.PHOENIX CONTACT CHARX SEC-3050 is an AC charge controller.PHOENIX CONTACT CHARX SEC-3100 is an AC charge controller. PHOENIX CONTACT CHARX SEC-3100 is an AC charg...

PHOENIX CONTACT CHARX SEC 输入验证错误漏洞

The PHOENIX CONTACT CHARX SEC is a series of AC charge controllers from PHOENIX CONTACT, Germany. The PHOENIX CONTACT CHARX SEC suffers from an input validation error vulnerability that originates from a local attacker who can exploit a vulnerable script via SSH and elevate privileges to root due...

The vulnerability of the binary file plctool of the microprogramming software for modular controllers of variable current charging stations and wall-mounted charging devices from Phoenix Contact, CHARX SEC-3100, allows a hacker to execute any code in the root context.

The vulnerability of the binary file of the microprogramming software for modular controllers of variable current charging stations and wall-mounted charging devices, the Phoenix Contact CHARX SEC-3100, exists due to insufficient verification of input data. Exploiting this vulnerability could all...

The vulnerability of the OCPP microprogramming software for modular control devices for DC charging stations and wall-mounted charging devices from Phoenix Contact CHARX SEC-3100 allows a intruder to execute arbitrary commands.

The vulnerability of the OCPP microprogramming software for modular control devices for DC charging stations and wall-mounted charging devices from Phoenix Contact’s CHARX SEC-3100 exists due to insufficient verification of input data. Exploiting this vulnerability could allow a malicious actor t...

The vulnerability of the OCPP software-based modular controller systems for variable current charging stations and wall-mounted charging devices from Phoenix Contact CHARX SEC-3100 allows a perpetrator to gain unauthorized access and execute arbitrary codes.

The vulnerability of the OCPP microprogramming software for modular charge controllers for AC charging stations and wall-mounted charging devices from Phoenix Contact, CHARX SEC-3100, exists due to insufficient verification of input data. Exploiting this vulnerability can allow attackers to enhan...

The vulnerability of the microprogrammed software in modular controller devices for AC charging stations and wall-mounted charging devices from Phoenix Contact, CHARX SEC-3000, arises from insecure resource initialization. This allows a hacker to bypass the password protection of arbitrary users.

The vulnerability of the microprogrammed software in modular control devices for AC charging stations and wall-mounted charging devices from Phoenix Contact’s CHARX SEC-3000 is related to an unsafe initialization of resources. Exploiting this vulnerability could allow a malicious actor to reset t...

Phoenix Contact CHARX SEC-3100 Improper Access Control Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firewall. The issue results from incorrect ordering...

PHOENIX CONTACT CHARX SEC 安全漏洞

PHOENIX CONTACT CHARX SEC is a series of AC charge controllers from PHOENIX CONTACT, Germany. A security vulnerability exists in PHOENIX CONTACT CHARX SEC. An attacker could use the firmware update function on the LAN interface of the device to reset the password of the user with low privileges...