CVE-2024-25994

CWE-434Unrestricted File UploadCWE-20Improper Input Validation3 documents3 sources
Severity
5.3MEDIUM
EPSS
0.2%
top 53.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
Phoenixcontact Charx Sec-3000 FirmwarePhoenixcontact Charx Sec-3050 FirmwarePhoenixcontact Charx Sec-3100 Firmware+5 more
Timeline
PublishedMar 12

Description

An unauthenticated remote attacker can upload a arbitrary script file due to improper input validation. The upload destination is fixed and is write only.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages8 packages

🔴Vulnerability Details

2
CVEList
PHOENIX CONTACT: Unintended script file upload in CHARX Series2024-03-12
GHSA
GHSA-54j6-6hq9-52fg: An unauthenticated remote attacker can upload a arbitrary script file due to improper input validation2024-03-12
CVE-2024-25994 (MEDIUM CVSS 5.3) | An unauthenticated remote attacker | cvebase.io