CVE-2024-25995

CWE-20 — Improper Input Validation CWE-306 — Missing Authentication3 documents3 sources

Severity

9.8CRITICAL

EPSS

2.4%

top 15.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phoenixcontact Charx Sec-3000 Firmware Phoenixcontact Charx Sec-3050 Firmware Phoenixcontact Charx Sec-3100 Firmware +5 more

Timeline

PublishedMar 12

Description

An unauthenticated remote attacker can modify configurations to perform a remote code execution, gain root rights or perform an DoS due to improper input validation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages8 packages

▶NVDphoenixcontact/charx_sec-3000_firmware< 1.5.1

▶NVDphoenixcontact/charx_sec-3050_firmware< 1.5.1

▶NVDphoenixcontact/charx_sec-3100_firmware< 1.5.1

▶NVDphoenixcontact/charx_sec-3150_firmware< 1.5.1

▶CVEListV5phoenix_contact/charx_sec-30001.5.0

🔴Vulnerability Details

GHSA

GHSA-rjx7-v6g9-8g3m: An unauthenticated remote attacker can modify configurations to perform a remote code execution due to a missing authentication for a critical functio↗2024-03-12

▶

CVEList

PHOENIX CONTACT: Remote code execution in CHARX Series↗2024-03-12

▶