Log File Information Disclosure Vulnerability in Phoenix Contact's Controller
CVE-2026-41032

7.5 HIGH

What is CVE-2026-41032?

An information disclosure vulnerability in Phoenix Contact's controller could allow an unauthenticated adjacent attacker to download sensitive log files. This flaw may reveal restricted information, posing a security risk. Users of the affected controller should review their security posture and consider measures to mitigate the risk of unauthorized access to confidential data.

Affected Version(s)

CHARX SEC-3000 1.0.0 < 1.9.0

CHARX SEC-3050 1.0.0 < 1.9.0

CHARX SEC-3100 1.0.0 < 1.9.0

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Piotr Ptaszek, Mateusz Wójcik from ZDI.