CVE-2025-24002
published 2025-07-08CVE-2025-24002: An unauthenticated remote attacker can use MQTT messages to crash a service on charging stations complying with German Calibration Law, resulting in a…
medium5.3CVSS 3.1
AVNACLPRNUINSUCNINAL
An unauthenticated remote attacker can use MQTT messages to crash a service on charging stations complying with German Calibration Law, resulting in a temporary denial-of-service for these stations until they got restarted by the watchdog.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phoenix_contact | charx_sec-3000 | 0.0.0 – 1.6.5 | — |
| phoenix_contact | charx_sec-3050 | 0.0.0 – 1.6.5 | — |
| phoenix_contact | charx_sec-3100 | 0.0.0 – 1.6.5 | — |
| phoenix_contact | charx_sec-3150 | 0.0.0 – 1.6.5 | — |
| phoenixcontact | charx_sec-3000_firmware | <= 1.6.5 | — |
| phoenixcontact | charx_sec-3050_firmware | <= 1.6.5 | — |
| phoenixcontact | charx_sec-3100_firmware | <= 1.6.5 | — |
| phoenixcontact | charx_sec-3150_firmware | <= 1.6.5 | — |