
ID

VDE-2025-019

Published

2025-07-08 09:00 (CEST)

Last update

2025-07-08 08:58 (CEST)

Vendor(s)

PHOENIX CONTACT GmbH & Co. KG

Product(s)

Article No° Product Name Affected Version(s)
CHARX SEC-3000 < 1.7.3
CHARX SEC-3050 < 1.7.3
CHARX SEC-3100 < 1.7.3
CHARX SEC-3150 < 1.7.3

Summary

Multiple vulnerabilities in the firmware of CHARX SEC-3xxx charging controllers have been discovered.

Vulnerabilities



Last Update
4 July 2025 14:13
Weakness
Improper Control of Dynamically-Managed Code Resources (CWE-913)
Summary

An unauthenticated remote attacker can alter the device configuration in a way that leads to remote code execution as root in specific configurations.

Last Update
4 July 2025 14:11
Weakness
Missing Authentication for Critical Function (CWE-306)
Summary

An unauthenticated adjacent attacker can modify the configuration by sending specific requests to an API endpoint, resulting in read and write access due to missing authentication.

Last Update
4 July 2025 14:14
Weakness
Initialization of a Resource with an Insecure Default (CWE-1188)
Summary

An unauthenticated adjacent attacker is able to configure a new OCPP backend, due to insecure defaults for the configuration interface.

Last Update
4 July 2025 14:12
Weakness
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
Summary

An unauthenticated local attacker can inject a command that is subsequently executed as root, leading to a privilege escalation.

Impact

The vulnerabilities can lead to a total loss of confidentiality, integrity and availability of the devices.

Solution

Mitigation

Affected charging controllers are designed and developed for use in closed industrial networks. Phoenix Contact therefore strongly recommends operating the devices exclusively in closed networks, protected by a suitable firewall.

Remediation

Phoenix Contact strongly recommends upgrading to firmware version 1.7.3, which fixes these vulnerabilities.

General Recommendation

For general information and recommendations on security measures to protect network-enabled devices, refer to the application note: Application Note Security.

Reported by

HT3 Labs for CVE-2025-25268 and CVE-2025-25269.

Tobias Scharnowski, Felix Buchmann and Kristian Covic from fuzzware.io for CVE-2025-25270.

The Synacktiv team for CVE-2025-25271.

CERT@VDE coordinated with Phoenix Contact GmbH & Co. KG.