CVE-2025-24003
published 2025-07-08
high 8.2 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
An unauthenticated remote attacker can use MQTT messages to trigger out-of-bounds writes in charging stations complying with German Calibration Law, resulting in a loss of integrity for only EichrechtAgents and potential denial-of-service for these stations.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phoenix_contact | charx_sec-3000 | 0.0.0 – 1.6.5 | — |
| phoenix_contact | charx_sec-3050 | 0.0.0 – 1.6.5 | — |
| phoenix_contact | charx_sec-3100 | 0.0.0 – 1.6.5 | — |
| phoenix_contact | charx_sec-3150 | 0.0.0 – 1.6.5 | — |
| phoenixcontact | charx_sec-3000_firmware | <= 1.6.5 | — |
| phoenixcontact | charx_sec-3050_firmware | <= 1.6.5 | — |
| phoenixcontact | charx_sec-3100_firmware | <= 1.6.5 | — |
| phoenixcontact | charx_sec-3150_firmware | <= 1.6.5 | — |