
CVE-2024-28134

nvd nist
Published: May 14, 2024
Modified: Jan 23, 2025

CVSS score: 7.0
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
Exploitability: 2.2 / Impact: 4.7
Source: info@cert.vde.com (Secondary)

Description

An unauthenticated remote attacker can extract a session token with a MitM attack and gain web-based management access with the privileges of the currently logged-in user due to cleartext transmission of sensitive information. No additional user interaction is required. The access is limited, as only non-sensitive information can be obtained, but the availability can be seriously affected.

Affected (4)

4 products
Charx Sec 3000 Firmware
Charx Sec 3050 Firmware
Charx Sec 3100 Firmware
Charx Sec 3150 Firmware

Configuration A (1 vulnerable · 1 platform)
Vulnerable software, affected versions: Up to 1.5.1
Running on/with: Phoenixcontact Charx Sec 3000 (platform versions: All versions)

Configuration B (1 vulnerable · 1 platform)
Vulnerable software, affected versions: Up to 1.5.1
Running on/with: Phoenixcontact Charx Sec 3050 (platform versions: All versions)

Configuration C (1 vulnerable · 1 platform)
Vulnerable software, affected versions: Up to 1.5.1
Running on/with: Phoenixcontact Charx Sec 3100 (platform versions: All versions)

Configuration D (1 vulnerable · 1 platform)
Vulnerable software, affected versions: Up to 1.5.1
Running on/with: Phoenixcontact Charx Sec 3150 (platform versions: All versions)

References (2)

Source: info@cert.vde.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.