
Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers

VDE-2025-019
Last update: 22.07.2025 10:00
Published at: 08.07.2025 12:00
Vendor(s): Phoenix Contact GmbH & Co. KG
External ID: VDE-2025-019

Summary

Multiple vulnerabilities in the firmware of CHARX SEC-3xxx charging controllers have been discovered.

Update Version 1.1.0: Updated the reporting credits for CVE-2025-25271.

Impact

The vulnerabilities can lead to a total loss of confidentiality, integrity and availability of the devices.

Affected Product(s)

Model no. Product name Affected versions
CHARX SEC-3000 Firmware <FW 1.7.3
CHARX SEC-3050 Firmware <FW 1.7.3
CHARX SEC-3100 Firmware <FW 1.7.3
CHARX SEC-3150 Firmware <FW 1.7.3

Vulnerabilities


CVE-2025-25270
Published: 09.02.2026 08:38
Weakness: Improper Control of Dynamically-Managed Code Resources (CWE-913)

CVE-2025-25271
Published: 09.02.2026 08:38
Weakness: Initialization of a Resource with an Insecure Default (CWE-1188)

CVE-2025-25268
Published: 09.02.2026 08:38
Weakness: Missing Authentication for Critical Function (CWE-306)

CVE-2025-25269
Published: 09.02.2026 08:38
Weakness: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)

Mitigation

Affected charging controllers are designed and developed for use in closed industrial networks. Phoenix Contact therefore strongly recommends operating the devices exclusively in closed networks, protected by a suitable firewall.

Remediation

Phoenix Contact strongly recommends upgrading to firmware version 1.7.3, which fixes these vulnerabilities.
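
An added example, not part of the advisory or any Phoenix Contact tooling: a small triage script that checks an asset inventory against the affected models and the fixed firmware version 1.7.3 named above. The inventory layout, hostnames, sample versions and status names are assumptions made for illustration.

```python
import re

# From the advisory: affected models and the first fixed firmware version.
AFFECTED_MODELS = {"CHARX SEC-3000", "CHARX SEC-3050",
                   "CHARX SEC-3100", "CHARX SEC-3150"}
FIXED_VERSION = (1, 7, 3)


def parse_version(text):
    """Return a (major, minor, patch) tuple, or None if no version is found."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text or "")
    if not m:
        return None
    return tuple(int(p) if p else 0 for p in m.groups())


def triage(model, firmware):
    """Classify one device as 'not-listed', 'unknown', 'affected' or 'fixed'."""
    if model.strip().upper() not in AFFECTED_MODELS:
        return "not-listed"
    version = parse_version(firmware)
    if version is None:
        return "unknown"  # treat as affected until the version is confirmed
    # Tuple comparison is numeric, so 1.10.0 sorts after 1.7.3.
    return "affected" if version < FIXED_VERSION else "fixed"


# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = [
    ("charger-01", "CHARX SEC-3100", "FW 1.6.5"),
    ("charger-02", "CHARX SEC-3000", "1.7.3"),
    ("charger-03", "charx sec-3150", "v1.10.0"),
    ("charger-04", "CHARX SEC-3050", ""),
    ("plc-07", "OTHER-DEVICE", "1.0.0"),
]


def report(inventory):
    """Map each hostname to its triage status."""
    return {host: triage(model, fw) for host, model, fw in inventory}


if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```

Devices reported as `unknown` have no readable firmware version in the inventory and should be checked on the device itself before being ruled out.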

Acknowledgments

Phoenix Contact GmbH & Co. KG thanks the following parties for their efforts:

Revision History

Version | Date | Summary
1.0.0 | 08.07.2025 12:00 | Initial Revision
1.1.0 | 22.07.2025 10:00 | Updated the reporting credits for CVE-2025-25271.