CVE-2024-25996

CWE-3463 documents3 sources
Severity
9.8CRITICAL
EPSS
0.6%
top 30.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
Phoenixcontact Charx Sec-3000 FirmwarePhoenixcontact Charx Sec-3050 FirmwarePhoenixcontact Charx Sec-3100 Firmware+5 more
Timeline
PublishedMar 12

Description

An unauthenticated remote attacker can perform a remote code execution due to an origin validation error. The access is limited to the service user.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages8 packages

🔴Vulnerability Details

2
CVEList
PHOENIX CONTACT: Remote code execution due to an origin validation error in CHARX Series2024-03-12
GHSA
GHSA-jc22-rcgg-22cp: An unauthenticated remote attacker can perform a remote code execution due to an origin validation error2024-03-12
CVE-2024-25996 (CRITICAL CVSS 9.8) | An unauthenticated remote attacker | cvebase.io