← Back

CVE-2024-25997

nvd nist
Published: Mar 12, 2024Modified: Jan 23, 2025

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Exploitability: 3.9 / Impact: 1.4
Source: info@cert.vde.com (Secondary)

Description

An unauthenticated remote attacker can perform a log injection due to improper input validation. Only a certain log file is affected.

Affected (4)

Phoenixcontact
4 products
Charx Sec 3000 Firmware
Charx Sec 3050 Firmware
Charx Sec 3100 Firmware
Charx Sec 3150 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Charx Sec 3000 Firmware
Before 1.5.1
Running on/withPlatform Versions
Phoenixcontact
Charx Sec 3000
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Charx Sec 3050 Firmware
Before 1.5.1
Running on/withPlatform Versions
Phoenixcontact
Charx Sec 3050
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Charx Sec 3100 Firmware
Before 1.5.1
Running on/withPlatform Versions
Phoenixcontact
Charx Sec 3100
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Charx Sec 3150 Firmware
Before 1.5.1
Running on/withPlatform Versions
Phoenixcontact
Charx Sec 3150
All versions

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

Source: info@cert.vde.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.