CVE-2024-6788
Published 2024-08-13
Critical, 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
A remote unauthenticated attacker can use the firmware update feature on the LAN interface of the device to reset the password for the predefined, low-privileged user “user-app” to the default password.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phoenix_contact | charx_sec-3000 | < 1.6.3 | 1.6.3 |
| phoenix_contact | charx_sec-3050 | < 1.6.3 | 1.6.3 |
| phoenix_contact | charx_sec-3100 | < 1.6.3 | 1.6.3 |
| phoenix_contact | charx_sec-3150 | < 1.6.3 | 1.6.3 |
| phoenixcontact | charx_sec-3000_firmware | < 1.6.3 | 1.6.3 |
| phoenixcontact | charx_sec-3050_firmware | < 1.6.3 | 1.6.3 |
| phoenixcontact | charx_sec-3100_firmware | < 1.6.3 | 1.6.3 |
| phoenixcontact | charx_sec-3150_firmware | < 1.6.3 | 1.6.3 |