Unencrypted Data Vulnerable to Interception
CVE-2024-26288

8.7HIGH

Key Information:

Vendor: Phoenix Contact
Status: Charx Sec-3000; Charx Sec-3050; Charx Sec-3100; Charx Sec-3150
Vendor: CVE Published:; 12 March 2024

Summary

An unauthenticated remote vulnerability exists in a vendor product, allowing attackers to exploit the lack of encryption during data transmission. This vulnerability enables potential manipulation of communication channels through a Man-in-the-Middle (MITM) attack, compromising sensitive user data without the need for authentication. It's crucial for users of the affected vendor products to be aware of this risk and take necessary measures to secure their systems.

Affected Version(s)

CHARX SEC-3000 0 <= 1.5.0

CHARX SEC-3050 0 <= 1.5.0

CHARX SEC-3100 0 <= 1.5.0

References

https://cert.vde.com/en/advisories/VDE-2024-011

CVSS V3.1

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Mar 12, 2024
Vulnerability Reserved
Feb 16, 2024

Credit

Chris Anastasio

Fabius Watson