CVE-2024-25999 — Improper Input Validation in Charx Sec-3000 Firmware

CWE-20 — Improper Input Validation3 documents3 sources

Severity

7.8HIGHNVD

CNA8.4

EPSS

0.1%

top 81.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phoenixcontact Charx Sec-3000 Firmware Phoenixcontact Charx Sec-3050 Firmware Phoenixcontact Charx Sec-3100 Firmware +5 more

Timeline

PublishedMar 12

Description

An unauthenticated local attacker can perform a privilege escalation due to improper input validation in the OCPP agent service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages8 packages

▶NVDphoenixcontact/charx_sec-3000_firmware< 1.5.1

▶NVDphoenixcontact/charx_sec-3050_firmware< 1.5.1

▶NVDphoenixcontact/charx_sec-3100_firmware< 1.5.1

▶NVDphoenixcontact/charx_sec-3150_firmware< 1.5.1

▶CVEListV5phoenix_contact/charx_sec-30001.5.0

🔴Vulnerability Details

CVEList

PHOENIX CONTACT: Privilege escalation in the OCPP agent service↗2024-03-12

▶

GHSA

GHSA-fcvq-8pj4-r94x: An unauthenticated local attacker can perform a privilege escalation due to improper input validation in the OCPP agent service↗2024-03-12

▶