Unauthenticated Remote Attack Can Cause Denial of Service (DoS) Against Charging Functionality
CVE-2024-26003

7.5HIGH

Key Information:

Vendor: Phoenix Contact
Status: Charx Sec-3000; Charx Sec-3050; Charx Sec-3100; Charx Sec-3150
Vendor: CVE Published:; 12 March 2024

🔔 Create Phoenix Contact Vulnerability Alert

What is CVE-2024-26003?

An identified vulnerability in the Control Agent from ABC Technologies allows for unauthenticated remote attackers to exploit an out-of-bounds read condition. This exploitation can lead to denial of service (DoS), potentially inhibiting or interrupting the device's charging functionality. Such vulnerabilities require immediate attention as they compromise system reliability and user experience.

Affected Version(s)

CHARX SEC-3000 0 <= 1.5.0

CHARX SEC-3050 0 <= 1.5.0

CHARX SEC-3100 0 <= 1.5.0

References

https://cert.vde.com/en/advisories/VDE-2024-011

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 12, 2024
Vulnerability Reserved
Feb 14, 2024

Credit

Jack Dates

RET2 Systems