ZDI-24-864
zdi
Chris Anastasio @mufinnnnnnn & Fabius Watson
Jun 21, 2024 - 12:00 a.m.

(Pwn2Own) Phoenix Contact CHARX SEC-3100 OCPP Protocol UpdateFirmware Command Injection Remote Code Execution Vulnerability

www.zerodayinitiative.com
phoenix contact
charx sec-3100
ocpp protocol
command injection
remote code execution
vulnerability
updatefirmware
arbitrary code
system call
user validation
charx-oa user

AI Score: 7.2 (Confidence: High)

EPSS: 0.001 (Percentile: 29.7%)

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the location parameter of the UpdateFirmwareRequest command. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the charx-oa user.
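The mitigation for this class of flaw, shown as an added example that is not Phoenix Contact's code or part of the advisory: a hypothetical handler validates the `location` value against an allowlist and builds the download command as an argument vector, so no shell ever interprets the string. The OCPP-J frame layout with `location` at the top level of the payload, the function names, the choice of `curl`, the allowed schemes and the destination path are all assumptions.

```python
import json
import re
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https", "ftp"}  # assumption: deployment policy
# Allowlist of URL characters; shell metacharacters and whitespace are absent.
SAFE_URL = re.compile(r"[A-Za-z0-9._~:/?#@%+=,-]{1,512}")


class RejectedLocation(ValueError):
    """Raised when an UpdateFirmware location fails validation."""


def validate_location(location):
    """Return the URL unchanged if it passes the allowlist, else raise."""
    if not isinstance(location, str) or not SAFE_URL.fullmatch(location):
        raise RejectedLocation("location is not a string of allowed URL characters")
    parts = urlsplit(location)
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.hostname:
        raise RejectedLocation("location needs an allowed scheme and a host")
    return location


def download_argv_from_frame(raw_frame, dest="/tmp/firmware.bin"):
    """Parse an OCPP-J CALL frame and build a shell-free download command."""
    msg_type, _unique_id, action, payload = json.loads(raw_frame)
    if msg_type != 2 or action != "UpdateFirmware" or not isinstance(payload, dict):
        raise RejectedLocation("not an UpdateFirmware CALL")
    url = validate_location(payload.get("location"))
    # Argument vector for subprocess.run(argv, shell=False): the URL stays a
    # single argument. "--" ends curl option parsing before the URL.
    return ["curl", "--fail", "--proto", "=http,https,ftp",
            "--output", dest, "--", url]


if __name__ == "__main__":
    # Constructed frames for illustration only.
    frames = [
        '[2, "1001", "UpdateFirmware", {"location": "https://fw.example.invalid/charx.bin"}]',
        '[2, "1002", "UpdateFirmware", {"location": "https://fw.example.invalid/a.bin;id"}]',
    ]
    for frame in frames:
        try:
            print("accept:", download_argv_from_frame(frame))
        except RejectedLocation as exc:
            print("reject:", exc)
```
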
