Lucene search
Chris Anastasio @mufinnnnnnn & Fabius WatsonZDI-24-858HistoryJun 21, 2024 - 12:00 a.m.
(Pwn2Own) Phoenix Contact CHARX SEC-3100 OCPP Protocol Missing Encryption Authentication Bypass Vulnerability
2024-06-2100:00:00
Chris Anastasio @mufinnnnnnn & Fabius Watson
www.zerodayinitiative.com
1
phoenix contact
charx sec-3100
ocpp protocol
security vulnerability
encryption
authentication bypass
arbitrary code
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the OCPP protocol. The issue results from a lack of encryption. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root.
References
Related
cve
cve
CVE-2024-26288
2024-03-12 09:15:09
nvd
nvd
CVE-2024-26288
2024-03-12 09:15:09
prion
prion
Design/Logic Flaw
2024-03-12 09:15:00
vulnrichment
vulnrichment
CVE-2024-26288 PHOENIX CONTACT: Lack of SSL support in CHARX Series
2024-03-12 08:13:05
cvelist
cvelist
CVE-2024-26288 PHOENIX CONTACT: Lack of SSL support in CHARX Series
2024-03-12 08:13:05