Unauthenticated Remote Attackers Can Perform Command Injection with Limited Privileges
CVE-2024-25998

7.3HIGH

Key Information:

Vendor: Phoenix Contact
Status: Charx Sec-3000; Charx Sec-3050; Charx Sec-3100; Charx Sec-3150
Vendor: CVE Published:; 12 March 2024

Summary

The vulnerability allows unauthenticated remote attackers to execute arbitrary commands on the OCPP Service due to improper input validation mechanisms. This weakness can be exploited to perform unauthorized actions, potentially compromising the integrity and security of the affected systems. Affected users are advised to review their configurations and apply necessary patches to mitigate the risks associated with this vulnerability.

Affected Version(s)

CHARX SEC-3000 0 <= 1.5.0

CHARX SEC-3050 0 <= 1.5.0

CHARX SEC-3100 0 <= 1.5.0

References

https://cert.vde.com/en/advisories/VDE-2024-011

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 12, 2024
Vulnerability Reserved
Feb 14, 2024

Credit

Chris Anastasio

Fabius Watson