Unauthenticated Remote Attacker Can Execute Remote Code Due to Origin Validation Error
CVE-2024-25996

9.8CRITICAL

Key Information:

Vendor: Phoenix Contact
Status: Charx Sec-3000; Charx Sec-3050; Charx Sec-3100; Charx Sec-3150
Vendor: CVE Published:; 12 March 2024

Summary

A vulnerability exists that allows an unauthenticated remote attacker to execute arbitrary code due to an origin validation error. The access remains confined to the service user, creating potential security risks that could compromise system integrity and data safety.

Affected Version(s)

CHARX SEC-3000 0 <= 1.5.0

CHARX SEC-3050 0 <= 1.5.0

CHARX SEC-3100 0 <= 1.5.0

References

https://cert.vde.com/en/advisories/VDE-2024-011

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 12, 2024
Vulnerability Reserved
Feb 14, 2024

Credit

Tobias Scharnowski of fuzzware.io

Felix Buchmann of fuzzware.io