Uninitialized Pointer DoS Attack Affects Control Agent
CVE-2024-26004

7.5HIGH

Key Information:

Vendor: Phoenix Contact
Status: Charx Sec-3000; Charx Sec-3050; Charx Sec-3100; Charx Sec-3150
Vendor: CVE Published:; 12 March 2024

Summary

A remote attacker can cause a Denial of Service (DoS) condition in Vendor A's control agent through the exploitation of an uninitialized pointer. This vulnerability allows an attacker to disrupt or completely halt the charging functionality in affected systems, potentially resulting in significant operational impacts. Organizations utilizing the affected versions of the control agent should assess their systems for potential risks associated with this vulnerability.

Affected Version(s)

CHARX SEC-3000 0 <= 1.5.0

CHARX SEC-3050 0 <= 1.5.0

CHARX SEC-3100 0 <= 1.5.0

References

https://cert.vde.com/en/advisories/VDE-2024-011

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 12, 2024
Vulnerability Reserved
Feb 14, 2024

Credit

Jack Dates

RET2 Systems