Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information.
AnalysisAI
Information disclosure in Phoenix Contact CHARX SEC-3000/3050/3100/3150 EV charging controllers allows an unauthenticated attacker on an adjacent network to download controller log files containing restricted information. No public exploit identified at time of analysis, but the low attack complexity and lack of authentication make opportunistic abuse straightforward once an attacker reaches the same network segment. Reported via CERT@VDE under advisory VDE-2026-060.
Technical ContextAI
The CHARX SEC series are charging controllers used in electric-vehicle supply equipment (EVSE) to manage ISO 15118 / OCPP communications between charge points and backend systems. The flaw maps to CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor), indicating the controller exposes a log-retrieval endpoint or service without enforcing authentication or authorization. Logs from such industrial/embedded controllers commonly contain device identifiers, network topology, session metadata, firmware/diagnostic data, and potentially credentials or tokens used in charging transactions - any of which can support follow-on attacks against the charging infrastructure.
RemediationAI
Patch status is not enumerated in the supplied data; consult VDE-2026-060 (https://certvde.com/de/advisories/VDE-2026-060/) and the corresponding CSAF JSON (https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-060.json) for the vendor-released firmware version and apply it to all CHARX SEC-3000/3050/3100/3150 units. Until the patched firmware can be deployed, place the controllers behind a dedicated management VLAN and restrict layer-2/layer-3 reachability so that only known engineering workstations can talk to them - this directly mitigates the adjacent-network attack vector but will break any unmanaged maintenance workflows that rely on broad local access. Additionally, block or firewall the log-retrieval service/port at the network edge and monitor for unexpected log-download requests; the trade-off is the loss of remote diagnostic convenience for legitimate operators.
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-34070
GHSA-5hqw-c68q-v3hh