CVE-2024-3913

Published: Aug 13, 2024Modified: Jan 29, 2025

5.3

Vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 1.6 / Impact: 3.6

Source: NVD (Secondary)

Description

An unauthenticated remote attacker can use this vulnerability to change the device configuration due to a file writeable for short time after system startup.

Affected (4)

Products: Phoenixcontact: Charx Sec 3150 Firmware, Charx Sec 3100 Firmware, Charx Sec 3050 Firmware, Charx Sec 3000 Firmware

Phoenixcontact

4 products

Charx Sec 3150 Firmware

Charx Sec 3100 Firmware

Charx Sec 3050 Firmware

Charx Sec 3000 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Phoenixcontact Charx Sec 3150 Firmware	Before 1.6.3

Running on/with	Platform Versions
Phoenixcontact Charx Sec 3150	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Phoenixcontact Charx Sec 3100 Firmware	Before 1.6.3

Running on/with	Platform Versions
Phoenixcontact Charx Sec 3100	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Phoenixcontact Charx Sec 3050 Firmware	Before 1.6.3

Running on/with	Platform Versions
Phoenixcontact Charx Sec 3050	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Phoenixcontact Charx Sec 3000 Firmware	Before 1.6.3

Running on/with	Platform Versions
Phoenixcontact Charx Sec 3000	All versions

Related CWEs

CWE-552

Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

References (1)

https://cert.vde.com/en/advisories/VDE-2024-022

Source: info@cert.vde.com

Third Party Advisory

Timeline

No history available yet.