Summary
Multiple vulnerabilities in the firmware of CHARX SEC-3xxx charging controllers have been discovered.
Impact
The vulnerabilities can lead to a total loss of confidentiality, integrity and availability of the devices.
Affected Product(s)
| Model no. | Product name | Affected versions |
|---|---|---|
| | CHARX SEC-3000 | Firmware <= FW 1.6.5, Firmware < FW 1.7.3 |
| | CHARX SEC-3050 | Firmware <= FW 1.6.5, Firmware < FW 1.7.3 |
| | CHARX SEC-3150 | Firmware <= FW 1.6.5, Firmware < FW 1.7.3 |
| | CHARX SEC-3150 | Firmware <= FW 1.6.5, Firmware < FW 1.7.3 |
Vulnerabilities
Mitigation
Affected charging controllers are designed and developed for use in closed industrial networks. Phoenix Contact therefore strongly recommends using the devices exclusively in closed networks, protected by a suitable firewall.
Remediation
Phoenix Contact strongly recommends upgrading to firmware version 1.7.3, which fixes vulnerabilities CVE-2025-24005 and CVE-2025-24006. The vulnerabilities CVE-2025-24002, CVE-2025-24003 and CVE-2025-24004 affect the Eichrecht functionality in FW <= 1.6.5; at present, no vendor fix is planned for these issues.
Acknowledgments
Phoenix Contact GmbH & Co. KG thanks the following parties for their efforts:
- CERT@VDE for coordination (see https://certvde.com/en/).
- Jesson Soto Ventura and Matthew Waddell from ivision for reporting.
Revision History
| Version | Date | Summary | 
|---|---|---|
| 1 | 08.07.2025 12:00 | Initial Revision |