Product:

Charx_sec\-3000_firmware

(Phoenixcontact)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 20
Date Id Summary Products Score Patch Annotated
2024-03-12 CVE-2024-25995 An unauthenticated remote attacker can modify configurations to perform a remote code execution, gain root rights or perform an DoS due to improper input validation. Charx_sec\-3000_firmware, Charx_sec\-3050_firmware, Charx_sec\-3100_firmware, Charx_sec\-3150_firmware N/A
2024-08-13 CVE-2024-3913 An unauthenticated remote attacker can use this vulnerability to change the device configuration due to a file writeable for short time after system startup. Charx_sec\-3000_firmware, Charx_sec\-3050_firmware, Charx_sec\-3100_firmware, Charx_sec\-3150_firmware 5.9
2024-03-12 CVE-2024-25994 An unauthenticated remote attacker can upload a arbitrary script file due to improper input validation. The upload destination is fixed and is write only. Charx_sec\-3000_firmware, Charx_sec\-3050_firmware, Charx_sec\-3100_firmware, Charx_sec\-3150_firmware N/A
2024-03-12 CVE-2024-25998 An unauthenticated remote attacker can perform a command injection in the OCPP Service with limited privileges due to improper input validation. Charx_sec\-3000_firmware, Charx_sec\-3050_firmware, Charx_sec\-3100_firmware, Charx_sec\-3150_firmware N/A
2024-03-12 CVE-2024-26001 An unauthenticated remote attacker can write memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful because of memory randomization. Charx_sec\-3000_firmware, Charx_sec\-3050_firmware, Charx_sec\-3100_firmware, Charx_sec\-3150_firmware 9.8
2024-03-12 CVE-2024-26000 An unauthenticated remote attacker can read memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful because of memory randomization. Charx_sec\-3000_firmware, Charx_sec\-3050_firmware, Charx_sec\-3100_firmware, Charx_sec\-3150_firmware 7.5
2024-05-14 CVE-2024-28135 A low privileged remote attacker can use a command injection vulnerability in the API which performs remote code execution as the user-app user due to improper input validation. The confidentiality is partly affected. Charx_sec\-3000_firmware, Charx_sec\-3050_firmware, Charx_sec\-3100_firmware, Charx_sec\-3150_firmware N/A
2024-05-14 CVE-2024-28136 A local attacker with low privileges can use a command injection vulnerability to gain root privileges due to improper input validation using the OCPP Remote service. Charx_sec\-3000_firmware, Charx_sec\-3050_firmware, Charx_sec\-3100_firmware, Charx_sec\-3150_firmware N/A
2024-03-12 CVE-2024-25996 An unauthenticated remote attacker can perform a remote code execution due to an origin validation error. The access is limited to the service user. Charx_sec\-3000_firmware, Charx_sec\-3050_firmware, Charx_sec\-3100_firmware, Charx_sec\-3150_firmware 9.8
2024-03-12 CVE-2024-25997 An unauthenticated remote attacker can perform a log injection due to improper input validation. Only a certain log file is affected. Charx_sec\-3000_firmware, Charx_sec\-3050_firmware, Charx_sec\-3100_firmware, Charx_sec\-3150_firmware N/A