| Article No° | Product Name | Affected Version(s) |
|---|---|---|
| CHARX SEC-3000 | < 1.7.3 | |
| CHARX SEC-3050 | < 1.7.3 | |
| CHARX SEC-3100 | < 1.7.3 | |
| CHARX SEC-3150 | < 1.7.3 |
Multiple vulnerabilities in the firmware of CHARX SEC-3xxx charging controllers have been discovered.
Update Version 1.1.0: Updated the reporting credits for CVE-2025-25271.
An unauthenticated remote attacker can alter the device configuration in a way to get remote code execution as root with specific configurations
An unauthenticated adjacent attacker can modify configuration by sending specific requests to an API-endpoint resulting in read and write access due to missing authentication.
An unauthenticated adjacent attacker is able to configure a new OCPP backend, due to insecure defaults for the configuration interface.
An unauthenticated local attacker can inject a command that is subsequently executed as root, leading to a privilege escalation.
The vulnerabilities can lead to a total loss of confidentiality, integrity and availability of the devices.
Mitigation
Affected charging controllers are designed and developed for the use in closed industrial networks. Phoenix Contact therefore strongly recommends using the devices exclusively in closed networks and protected by a suitable firewall.
Remediation
Phoenix Contact strongly recommends to upgrade to firmware version 1.7.3 which fixes these vulnerabilities.
General Recommendation
For general information and recommendations on security measures to protect network-enabled devices, refer to the application note: Application Note Security.
HT3 Labs for CVE-2025-25268 and CVE-2025-25269.
Tobias Scharnowski, Felix Buchmann and Kristian Covic from fuzzware.io for CVE-2025-25270.
Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)
for CVE-2025-25271.
CERT@VDE coordinated with Phoenix Contact GmbH & Co. KG.