Charx Sec-3000 Firmware Security Vulnerabilities and Issues — Charx Sec-3000 Firmware CVE List

Lucene search

PhoenixcontactCharx Sec-3000 Firmware

5 matches found

CVE•added 2024/05/14 4:16 p.m.•70 views

CVE-2024-28135

A low privileged remote attacker can use a command injection vulnerability in the API which performsremote code execution as the user-app user due to improper input validation. The confidentiality is partly affected.

5CVSS5.7AI score0.00727EPSS

CVE•added 2024/05/14 4:16 p.m.•52 views

CVE-2024-28136

A local attacker with low privileges can use a command injection vulnerability to gain rootprivileges due to improper input validation using the OCPP Remote service.

7.8CVSS7.9AI score0.00199EPSS

CVE•added 2024/05/14 4:16 p.m.•48 views

CVE-2024-28137

A local attacker with low privileges can perform a privilege escalation with an init script due to a TOCTOU vulnerability.

7.8CVSS7.6AI score0.00049EPSS

CVE•added 2024/05/14 4:16 p.m.•44 views

CVE-2024-28134

An unauthenticated remote attacker can extract a session token with a MitM attack and gain web-based management access with the privileges of the currently logged in user due to cleartext transmission of sensitive information. No additional user interaction is required. The access is limited as on...

7CVSS6.7AI score0.00487EPSS

CVE•added 2024/05/14 4:16 p.m.•38 views

CVE-2024-28133

A local low privileged attacker can use an untrusted search path in a CHARX system utility to gain root privileges.

7.8CVSS7.3AI score0.00061EPSS