Phoenix Contact CHARX SEC-3xxx Charging Controllers Out-of-Bounds Write Vulnerability

Vulnerability

A vulnerability has been identified in Phoenix Contact CHARX SEC-3xxx charging controllers that allows unauthenticated remote attackers to send MQTT messages that trigger out-of-bounds writes. This issue affects firmware versions through 1.6.5 and versions prior to 1.7.3. The vulnerability leads to a loss of integrity specifically for EichrechtAgents and could cause a denial-of-service condition for the affected charging stations.

Impact

Exploitation of this vulnerability could result in a loss of integrity for EichrechtAgents and cause a denial-of-service condition for the affected charging stations.

Remediation

Users are advised to upgrade to firmware version 1.7.3, which addresses vulnerabilities CVE-2025-24005 and CVE-2025-24006. However, for vulnerabilities CVE-2025-24002, CVE-2025-24003, and CVE-2025-24004, which impact the Eichrecht functionality in firmware versions through 1.6.5, no vendor fix is currently planned. For general security recommendations, refer to the Phoenix Contact Application Note Security.

Added: Jul 8, 2025, 7:45 AM
Updated: Jul 8, 2025, 7:45 AM

Vulnerability Rating

Custom Algorithm
spread: 1.4
impact: 5.0
exploitability: 7.0
remediation: 7.9
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.