CVE-2025-24004
published 2025-07-08CVE-2025-24004: A physical attacker with access to the device display via USB-C can send a message to the device which triggers an unsecure copy to a buffer resulting in loss…
medium5.2CVSS 3.1
AVPACLPRNUINSUCNIHAL
A physical attacker with access to the device display via USB-C can send a message to the device which triggers an unsecure copy to a buffer resulting in loss of integrity and a temporary denial-of-service for the stations until they got restarted by the watchdog.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phoenix_contact | charx_sec-3000 | 0.0.0 – 1.6.5 | — |
| phoenix_contact | charx_sec-3050 | 0.0.0 – 1.6.5 | — |
| phoenix_contact | charx_sec-3100 | 0.0.0 – 1.6.5 | — |
| phoenix_contact | charx_sec-3150 | 0.0.0 – 1.6.5 | — |
| phoenixcontact | charx_sec-3000_firmware | <= 1.6.5 | — |
| phoenixcontact | charx_sec-3050_firmware | <= 1.6.5 | — |
| phoenixcontact | charx_sec-3100_firmware | <= 1.6.5 | — |
| phoenixcontact | charx_sec-3150_firmware | <= 1.6.5 | — |