Phoenix Contact CHARX SEC-3000 Series Privilege Escalation Vulnerability

Vulnerability

A vulnerability in Phoenix Contact CHARX SEC-3000 series charge controllers, all versions prior to 1.7.0, allows an authenticated low-privileged user to escalate privileges and gain root access. This issue arises from improper file permission handling, which can be exploited to alter access rights and elevate user privileges.

Impact

Exploitation of this vulnerability allows the authenticated user 'user-app' to gain root rights, leading to unauthorized access and control over the device.

Remediation

Users are strongly advised to upgrade to firmware version 1.7.0 or higher, which addresses this vulnerability. For additional guidance on protecting network-capable devices, consult the General Recommendation from Phoenix Contact.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 1.4
impact: 7.5
exploitability: 4.9
remediation: 7.9
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.