Summary
Start sequence for firewall service allows attack during the boot process. Password is reset to default when the device undergoes a firmware upgrade.
Impact
These vulnerabilities may allow an attacker within the network to change the device configuration through an unauthenticated internal service before the firewall is started during boot process. The second vulnerability may allow an local attacker to use the firmware update feature to reset the user-app accounts password to the dafault value that is documented in the product documentation. The user "user-app" has limited access rights.
Affected Product(s)
| Model no. | Product name | Affected versions |
|---|---|---|
| 1139022 | CHARX SEC-3000 | Firmware <1.6.3 |
| 1139018 | CHARX SEC-3050 | Firmware <1.6.3 |
| 1139012 | CHARX SEC-3100 | Firmware <1.6.3 |
| 1138965 | CHARX SEC-3150 | Firmware <1.6.3 |
Vulnerabilities
Expand / Collapse allMitigation
Phoenix Contact recommends operating network-capable devices in closed networks or
protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to General Recommendation.
Remediation
Phoenix Contact strongly recommends upgrading affected charge controllers to firmware
version 1.6.3 or higher which fixes these vulnerabilities.
Revision History
| Version | Date | Summary |
|---|---|---|
| 1.0.0 | 08/13/2024 12:00 | initial revision |
| 1.0.1 | 03/14/2025 12:30 | Fix: typo in version |
| 1.0.2 | 05/22/2025 15:03 | Fix: added distribution, quotation mark |
| 1.1.2 | 08/27/2025 12:00 | Update: CWE from CVE-2024-6788, Revision History |