Phoenix Contact CHARX SEC-3xxx Charging Controllers Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in Phoenix Contact CHARX SEC-3xxx charging controllers, including the SEC-3000, SEC-3050, SEC-3100, and SEC-3150 models, running firmware versions through 1.6.5 and versions prior to 1.7.3. The vulnerability allows an unauthenticated remote attacker to send MQTT messages that crash a service on the charging station, causing a temporary disruption until the station is restarted by the watchdog process.

Impact

Exploitation of this vulnerability causes a crash of the service on the affected charging stations, leading to a temporary denial-of-service until the stations are restarted by the watchdog.

Remediation

Users are advised to upgrade to firmware version 1.7.3, which addresses several vulnerabilities affecting the CHARX SEC-3xxx charging controllers. For the related issues CVE-2025-24002, CVE-2025-24003, and CVE-2025-24004, which affect the Eichrecht functionality in firmware versions 1.6.5 and prior to 1.7.3, no vendor fix is currently planned.

Added: Jul 8, 2025, 7:47 AM
Updated: Jul 8, 2025, 7:47 AM

Vulnerability Rating

Custom Algorithm
spread: 1.4
impact: 2.5
exploitability: 7.0
remediation: 7.9
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.