Skip to main content

Charx Sec 3000 Firmware CVE-2024-28134

HIGH
Cleartext Transmission of Sensitive Information (CWE-319)
2024-05-14 info@cert.vde.com
7.0
CVSS 3.1 · Vendor: cert
Share

Severity by source

Vendor (cert) PRIMARY
7.0 HIGH
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

Primary rating from Vendor (cert) · only source for this CVE.

CVSS VectorVendor: cert

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
High

Lifecycle Timeline

1
CVE Published
May 14, 2024 - 16:16 cve.org
HIGH 7.0

DescriptionCVE.org

An unauthenticated remote attacker can extract a session token with a MitM attack and gain web-based management access with the privileges of the currently logged in user due to cleartext transmission of sensitive information. No additional user interaction is required. The access is limited as only non-sensitive information can be obtained but the availability can be seriously affected.

AnalysisAI

An unauthenticated remote attacker can extract a session token with a MitM attack and gain web-based management access with the privileges of the currently logged in user due to cleartext. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-319. An unauthenticated remote attacker can extract a session token with a MitM attack and gain web-based management access with the privileges of the currently logged in user due to cleartext transmission of sensitive information. No additional user interaction is required. The access is limited as only non-sensitive information can be obtained but the availability can be seriously affected. Affected products include: Phoenixcontact Charx Sec-3000 Firmware, Phoenixcontact Charx Sec-3050 Firmware, Phoenixcontact Charx Sec-3100 Firmware, Phoenixcontact Charx Sec-3150 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2025-25270 CRITICAL
9.8 Jul 08

An unauthenticated remote attacker can alter the device configuration in a way to get remote code execution as root with

CVE-2024-6788 CRITICAL
9.8 Aug 13

A remote unauthenticated attacker can use the firmware update feature on the LAN interface of the device to reset the pa

CVE-2024-26001 CRITICAL
9.8 Mar 12

An unauthenticated remote attacker can write memory out of bounds due to improper input validation in the MQTT stack. Ra

CVE-2024-25996 CRITICAL
9.8 Mar 12

An unauthenticated remote attacker can perform a remote code execution due to an origin validation error. Rated critical

CVE-2024-25995 CRITICAL
9.8 Mar 12

An unauthenticated remote attacker can modify configurations to perform a remote code execution, gain root rights or per

CVE-2025-25271 HIGH
8.8 Jul 08

A security vulnerability in An unauthenticated adjacent attacker (CVSS 8.8). High severity vulnerability requiring promp

CVE-2025-25268 HIGH
8.8 Jul 08

An unauthenticated adjacent attacker can modify configuration by sending specific requests to an API-endpoint resulting

CVE-2024-26288 HIGH
8.7 Mar 12

An unauthenticated remote attacker can influence the communication due to the lack of encryption of sensitive data via a

CVE-2025-25269 HIGH
8.4 Jul 08

An unauthenticated local attacker can inject a command that is subsequently executed as root, leading to a privilege esc

CVE-2025-24003 HIGH
8.2 Jul 08

An unauthenticated remote attacker can use MQTT messages to trigger out-of-bounds writes in charging stations complying

CVE-2025-24005 HIGH
7.8 Jul 08

A local attacker with a local user account can leverage a vulnerable script via SSH to escalate privileges to root due t

CVE-2025-24006 HIGH
7.8 Jul 08

A low privileged local attacker can leverage insecure permissions via SSH on the affected devices to escalate privileges

Share

CVE-2024-28134 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy