Lucene search
Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)ZDI-24-519HistoryMay 29, 2024 - 12:00 a.m.
(Pwn2Own) Phoenix Contact CHARX SEC-3100 Untrusted Search Path Local Privilege Escalation Vulnerability
2024-05-2900:00:00
Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)
www.zerodayinitiative.com
2
vulnerability
local attackers
privilege escalation
phoenix contact charx sec-3100
untrusted location
arbitrary code
root context
This vulnerability allows local attackers to escalate privileges on affected installations of Phoenix Contact CHARX SEC-3100 devices. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the charx_set_timezone binary. The issue results from executing a program from an untrusted location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root.
References
Related
cve
cve
CVE-2024-28133
2024-05-14 16:16:36
nvd
nvd
CVE-2024-28133
2024-05-14 16:16:36
cvelist
cvelist
CVE-2024-28133 PHOENIX CONTACT: Privilege escalation in CHARX Series
2024-05-14 08:09:11
vulnrichment
vulnrichment
CVE-2024-28133 PHOENIX CONTACT: Privilege escalation in CHARX Series
2024-05-14 08:09:11