VDE-2025-019
Last update
07/22/2025 10:00
Published at
07/08/2025 12:00
Vendor(s)
Phoenix Contact GmbH & Co. KG
External ID
VDE-2025-019
CSAF Document
Summary
Multiple vulnerabilities in the firmware of CHARX SEC-3xxx charging controllers have been discovered.
Update Version 1.1.0: Updated the reporting credits for CVE-2025-25271.
Impact
The vulnerabilities can lead to a total loss of confidentiality, integrity and availability of the devices.
Affected Product(s)
| Model no. | Product name | Affected versions |
|---|---|---|
| CHARX SEC-3000 | Firmware <FW 1.7.3 | |
| CHARX SEC-3050 | Firmware <FW 1.7.3 | |
| CHARX SEC-3150 | Firmware <FW 1.7.3 | |
| CHARX SEC-3150 | Firmware <FW 1.7.3 |
Vulnerabilities
Expand / Collapse all
Published
09/22/2025 14:57
Severity
Weakness
Improper Control of Dynamically-Managed Code Resources (CWE-913)
References
Published
09/22/2025 14:57
Severity
Weakness
Initialization of a Resource with an Insecure Default (CWE-1188)
References
Published
09/22/2025 14:57
Severity
Weakness
Missing Authentication for Critical Function (CWE-306)
References
Published
09/22/2025 14:57
Severity
Weakness
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
References
Mitigation
Affected charging controllers are designed and developed for the use in closed industrial networks. Phoenix Contact therefore strongly recommends using the devices exclusively in closed networks and protected by a suitable firewall.
Remediation
Phoenix Contact strongly recommends to upgrade to firmware version 1.7.3 which fixes these vulnerabilities.
Revision History
| Version | Date | Summary |
|---|---|---|
| 1.0.0 | 07/08/2025 12:00 | Initial Revision |
| 1.1.0 | 07/22/2025 10:00 | Updated the reporting credits for CVE-2025-25271. |