Skip to main content

Phoenix Contact CHARX CVE-2026-41032

| EUVDEUVD-2026-34070 HIGH
Information Exposure (CWE-200)
2026-06-03 CERTVDE GHSA-5hqw-c68q-v3hh
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Patch available
Jun 03, 2026 - 12:01 EUVD
Analysis Generated
Jun 03, 2026 - 11:02 vuln.today

DescriptionCVE.org

It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information.

AnalysisAI

Information disclosure in Phoenix Contact CHARX SEC-3000/3050/3100/3150 EV charging controllers allows an unauthenticated attacker on an adjacent network to download controller log files containing restricted information. No public exploit identified at time of analysis, but the low attack complexity and lack of authentication make opportunistic abuse straightforward once an attacker reaches the same network segment. Reported via CERT@VDE under advisory VDE-2026-060.

Technical ContextAI

The CHARX SEC series are charging controllers used in electric-vehicle supply equipment (EVSE) to manage ISO 15118 / OCPP communications between charge points and backend systems. The flaw maps to CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor), indicating the controller exposes a log-retrieval endpoint or service without enforcing authentication or authorization. Logs from such industrial/embedded controllers commonly contain device identifiers, network topology, session metadata, firmware/diagnostic data, and potentially credentials or tokens used in charging transactions - any of which can support follow-on attacks against the charging infrastructure.

RemediationAI

Patch status is not enumerated in the supplied data; consult VDE-2026-060 (https://certvde.com/de/advisories/VDE-2026-060/) and the corresponding CSAF JSON (https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-060.json) for the vendor-released firmware version and apply it to all CHARX SEC-3000/3050/3100/3150 units. Until the patched firmware can be deployed, place the controllers behind a dedicated management VLAN and restrict layer-2/layer-3 reachability so that only known engineering workstations can talk to them - this directly mitigates the adjacent-network attack vector but will break any unmanaged maintenance workflows that rely on broad local access. Additionally, block or firewall the log-retrieval service/port at the network edge and monitor for unexpected log-download requests; the trade-off is the loss of remote diagnostic convenience for legitimate operators.

Share

CVE-2026-41032 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy