CVE-2025-24004

Published: Jul 8, 2025Modified: Jul 11, 2025

5.2

Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

Exploitability: 0.9 / Impact: 4.2

Source: info@cert.vde.com (Secondary)

Description

A physical attacker with access to the device display via USB-C can send a message to the device which triggers an unsecure copy to a buffer resulting in loss of integrity and a temporary denial-of-service for the stations until they got restarted by the watchdog.

Affected (4)

Products: Phoenixcontact: Charx Sec 3000 Firmware, Charx Sec 3050 Firmware, Charx Sec 3100 Firmware, Charx Sec 3150 Firmware

Phoenixcontact

4 products

Charx Sec 3000 Firmware

Charx Sec 3050 Firmware

Charx Sec 3100 Firmware

Charx Sec 3150 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Phoenixcontact Charx Sec 3000 Firmware	Up to 1.6.5

Running on/with	Platform Versions
Phoenixcontact Charx Sec 3000	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Phoenixcontact Charx Sec 3050 Firmware	Up to 1.6.5

Running on/with	Platform Versions
Phoenixcontact Charx Sec 3050	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Phoenixcontact Charx Sec 3100 Firmware	Up to 1.6.5

Running on/with	Platform Versions
Phoenixcontact Charx Sec 3100	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Phoenixcontact Charx Sec 3150 Firmware	Up to 1.6.5

Running on/with	Platform Versions
Phoenixcontact Charx Sec 3150	All versions

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (1)

https://certvde.com/de/advisories/VDE-2025-014

Source: info@cert.vde.com

Third Party Advisory

Timeline

No history available yet.