CVE-2025-24002

Published: Jul 8, 2025Modified: Jul 11, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Exploitability: 3.9 / Impact: 1.4

Source: info@cert.vde.com (Secondary)

Description

An unauthenticated remote attacker can use MQTT messages to crash a service on charging stations complying with German Calibration Law, resulting in a temporary denial-of-service for these stations until they got restarted by the watchdog.

Affected (4)

Products: Phoenixcontact: Charx Sec 3000 Firmware, Charx Sec 3050 Firmware, Charx Sec 3100 Firmware, Charx Sec 3150 Firmware

Phoenixcontact

4 products

Charx Sec 3000 Firmware

Charx Sec 3050 Firmware

Charx Sec 3100 Firmware

Charx Sec 3150 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Phoenixcontact Charx Sec 3000 Firmware	Up to 1.6.5

Running on/with	Platform Versions
Phoenixcontact Charx Sec 3000	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Phoenixcontact Charx Sec 3050 Firmware	Up to 1.6.5

Running on/with	Platform Versions
Phoenixcontact Charx Sec 3050	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Phoenixcontact Charx Sec 3100 Firmware	Up to 1.6.5

Running on/with	Platform Versions
Phoenixcontact Charx Sec 3100	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Phoenixcontact Charx Sec 3150 Firmware	Up to 1.6.5

Running on/with	Platform Versions
Phoenixcontact Charx Sec 3150	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (1)

https://certvde.com/en/advisories/VDE-2025-014

Source: info@cert.vde.com

Third Party Advisory

Timeline

No history available yet.