CVE-2025-24004

| EUVD-2025-20407 MEDIUM
2025-07-08 [email protected]
5.2
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
Low

Lifecycle Timeline

3
EUVD ID Assigned
Mar 16, 2026 - 04:21 euvd
EUVD-2025-20407
Analysis Generated
Mar 16, 2026 - 04:21 vuln.today
CVE Published
Jul 08, 2025 - 07:15 nvd
MEDIUM 5.2

Tags

Buffer Overflow Charx Sec 3150 Firmware Charx Sec 3000 Firmware Charx Sec 3100 Firmware Charx Sec 3050 Firmware

Description

A physical attacker with access to the device display via USB-C can send a message to the device which triggers an unsecure copy to a buffer resulting in loss of integrity and a temporary denial-of-service for the stations until they got restarted by the watchdog.

Analysis

A physical attacker with access to the device display via USB-C can send a message to the device which triggers an unsecure copy to a buffer resulting in loss of integrity and a temporary denial-of-service for the stations until they got restarted by the watchdog.

Technical Context

A buffer overflow occurs when data written to a buffer exceeds its allocated size, potentially overwriting adjacent memory and corrupting program state. This vulnerability is classified as Classic Buffer Overflow (CWE-120).

Affected Products

Affected products: Phoenixcontact Charx Sec-3000 Firmware, Phoenixcontact Charx Sec-3050 Firmware, Phoenixcontact Charx Sec-3100 Firmware, Phoenixcontact Charx Sec-3150 Firmware

Remediation

Use memory-safe languages or bounds-checked functions. Enable ASLR, DEP/NX, and stack canaries. Apply vendor patches promptly.

Priority Score

26
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +26
POC: 0

Share

CVE-2025-24004 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy