← Back

Charx Sec 3050 Firmware

charx_sec-3050_firmware

Vendor: Phoenixcontact • 29 CVEs

CVEs (29)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-26002
1Phoenixcontact
4Charx Sec 3000 Firmware
Charx Sec 3050 FirmwareCharx Sec 3100 Firmware+1 more
Jan 23, 2025
Mar 12, 2024
N/A· v4
7.8 HIGH· v3
N/A· v2
An improper input validation in the Qualcom plctool allows a local attacker with low privileges to gain root access by changing the ownership of specific files.
CVE-2024-26001
1Phoenixcontact
4Charx Sec 3000 Firmware
Charx Sec 3050 FirmwareCharx Sec 3100 Firmware+1 more
Jan 24, 2025
Mar 12, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
An unauthenticated remote attacker can write memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful because of memory randomization.
CVE-2024-26000
1Phoenixcontact
4Charx Sec 3000 Firmware
Charx Sec 3050 FirmwareCharx Sec 3100 Firmware+1 more
Jan 24, 2025
Mar 12, 2024
N/A· v4
7.5 HIGH· v3
N/A· v2
An unauthenticated remote attacker can read memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful because of memory randomization.
CVE-2024-25999
1Phoenixcontact
4Charx Sec 3000 Firmware
Charx Sec 3050 FirmwareCharx Sec 3100 Firmware+1 more
Jan 23, 2025
Mar 12, 2024
N/A· v4
7.8 HIGH· v3
N/A· v2
An unauthenticated local attacker can perform a privilege escalation due to improper input validation in the OCPP agent service. 
CVE-2024-25998
1Phoenixcontact
4Charx Sec 3000 Firmware
Charx Sec 3050 FirmwareCharx Sec 3100 Firmware+1 more
Jan 24, 2025
Mar 12, 2024
N/A· v4
7.3 HIGH· v3
N/A· v2
An unauthenticated remote attacker can perform a command injection in the OCPP Service with limited privileges due to improper input validation.
CVE-2024-25997
1Phoenixcontact
4Charx Sec 3000 Firmware
Charx Sec 3050 FirmwareCharx Sec 3100 Firmware+1 more
Jan 23, 2025
Mar 12, 2024
N/A· v4
5.3 MEDIUM· v3
N/A· v2
An unauthenticated remote attacker can perform a log injection due to improper input validation. Only a certain log file is affected.
CVE-2024-25996
1Phoenixcontact
4Charx Sec 3000 Firmware
Charx Sec 3050 FirmwareCharx Sec 3100 Firmware+1 more
Jan 23, 2025
Mar 12, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
An unauthenticated remote attacker can perform a remote code execution due to an origin validation error. The access is limited to the service user.
CVE-2024-25995
1Phoenixcontact
4Charx Sec 3000 Firmware
Charx Sec 3050 FirmwareCharx Sec 3100 Firmware+1 more
Jan 30, 2025
Mar 12, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
An unauthenticated remote attacker can modify configurations to perform a remote code execution, gain root rights or perform an DoS due to improper input validation.
CVE-2024-25994
1Phoenixcontact
4Charx Sec 3000 Firmware
Charx Sec 3050 FirmwareCharx Sec 3100 Firmware+1 more
Jan 24, 2025
Mar 12, 2024
N/A· v4
5.3 MEDIUM· v3
N/A· v2
An unauthenticated remote attacker can upload a arbitrary script file due to improper input validation. The upload destination is fixed and is write only.