Lucene search
K

7 matches found

Zero Day Initiative
Zero Day Initiative
added 2025/07/22 12:0 a.m.12 views

(Pwn2Own) Phoenix Contact CHARX SEC-3150 OCPP Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Phoenix Contact CHARX SEC-3150 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the OCPP service. The issue result...

3.1CVSS6.2AI score0.00288EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2024/06/21 12:0 a.m.17 views

(Pwn2Own) Phoenix Contact CHARX SEC-3100 CANopenDevice Null Pointer Dereference Denial-of-Service Vulnerability

This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of CANopenDevice objects. Th...

6.5CVSS6.5AI score0.01EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2024/06/21 12:0 a.m.16 views

(Pwn2Own) Phoenix Contact CHARX SEC-3100 CharxUpdateAgent Unrestricted File Upload Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CharxUpdateAgent service, which listens on TCP port...

5.3CVSS7.1AI score0.00728EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2024/06/21 12:0 a.m.24 views

(Pwn2Own) Phoenix Contact CHARX SEC-3100 plctool Improper Privilege Management Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Phoenix Contact CHARX SEC-3100 devices. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists with...

7.8CVSS7.2AI score0.00259EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2024/06/21 12:0 a.m.23 views

(Pwn2Own) Phoenix Contact CHARX SEC-3100 HomePlug Protocol Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the HomePlug Green PHY Protocol...

4.3CVSS6.3AI score0.01161EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2024/06/21 12:0 a.m.20 views

(Pwn2Own) Phoenix Contact CHARX SEC-3100 Config Manager Improper Input Validation Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CharxSystemConfigManager service, which listens on...

7.5CVSS7.3AI score0.01404EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2024/05/29 12:0 a.m.25 views

(Pwn2Own) Phoenix Contact CHARX SEC-3100 Untrusted Search Path Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Phoenix Contact CHARX SEC-3100 devices. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists with...

7.8CVSS7.5AI score0.0038EPSS
Exploits0References1
Rows per page
Query Builder