Note: This project will be discontinued after December 13, 2021.
Product: Charx_sec\-3150_firmware (Phoenixcontact)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 20 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2024-03-12 | CVE-2024-25995 | An unauthenticated remote attacker can modify configurations to perform a remote code execution, gain root rights or perform a DoS due to improper input validation. | Charx_sec\-3000_firmware, Charx_sec\-3050_firmware, Charx_sec\-3100_firmware, Charx_sec\-3150_firmware | N/A | ||
2024-08-13 | CVE-2024-3913 | An unauthenticated remote attacker can use this vulnerability to change the device configuration due to a file writeable for a short time after system startup. | Charx_sec\-3000_firmware, Charx_sec\-3050_firmware, Charx_sec\-3100_firmware, Charx_sec\-3150_firmware | 5.9 | ||
2024-03-12 | CVE-2024-25994 | An unauthenticated remote attacker can upload an arbitrary script file due to improper input validation. The upload destination is fixed and is write-only. | Charx_sec\-3000_firmware, Charx_sec\-3050_firmware, Charx_sec\-3100_firmware, Charx_sec\-3150_firmware | N/A | ||
2024-03-12 | CVE-2024-25998 | An unauthenticated remote attacker can perform a command injection in the OCPP Service with limited privileges due to improper input validation. | Charx_sec\-3000_firmware, Charx_sec\-3050_firmware, Charx_sec\-3100_firmware, Charx_sec\-3150_firmware | N/A | ||
2024-03-12 | CVE-2024-26001 | An unauthenticated remote attacker can write memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful because of memory randomization. | Charx_sec\-3000_firmware, Charx_sec\-3050_firmware, Charx_sec\-3100_firmware, Charx_sec\-3150_firmware | 9.8 | ||
2024-03-12 | CVE-2024-26000 | An unauthenticated remote attacker can read memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful because of memory randomization. | Charx_sec\-3000_firmware, Charx_sec\-3050_firmware, Charx_sec\-3100_firmware, Charx_sec\-3150_firmware | 7.5 | ||
2024-05-14 | CVE-2024-28135 | A low privileged remote attacker can use a command injection vulnerability in the API which performs remote code execution as the user-app user due to improper input validation. The confidentiality is partly affected. | Charx_sec\-3000_firmware, Charx_sec\-3050_firmware, Charx_sec\-3100_firmware, Charx_sec\-3150_firmware | N/A | ||
2024-05-14 | CVE-2024-28136 | A local attacker with low privileges can use a command injection vulnerability to gain root privileges due to improper input validation using the OCPP Remote service. | Charx_sec\-3000_firmware, Charx_sec\-3050_firmware, Charx_sec\-3100_firmware, Charx_sec\-3150_firmware | N/A | ||
2024-03-12 | CVE-2024-25996 | An unauthenticated remote attacker can perform a remote code execution due to an origin validation error. The access is limited to the service user. | Charx_sec\-3000_firmware, Charx_sec\-3050_firmware, Charx_sec\-3100_firmware, Charx_sec\-3150_firmware | 9.8 | ||
2024-03-12 | CVE-2024-25997 | An unauthenticated remote attacker can perform a log injection due to improper input validation. Only a certain log file is affected. | Charx_sec\-3000_firmware, Charx_sec\-3050_firmware, Charx_sec\-3100_firmware, Charx_sec\-3150_firmware | N/A |