Phoenix Contact CHARX SEC-3xxx Charging Controllers Privilege Escalation Vulnerability

Vulnerability

A privilege escalation vulnerability has been identified in Phoenix Contact CHARX SEC-3xxx charging controllers, in versions through 1.6.5 and in the 1.7.2 version range. Due to improper input validation, a local attacker with a user account can escalate privileges to root by exploiting a vulnerable script via SSH.

Impact

Exploitation of this vulnerability can lead to unauthorized privilege escalation, allowing a local user to gain root access on the affected device.

Remediation

Users are advised to upgrade to firmware version 1.7.3, which addresses this vulnerability. For general security recommendations, refer to the Phoenix Contact Application Note Security.

Added: Jul 8, 2025, 7:41 AM
Updated: Jul 8, 2025, 7:41 AM

Vulnerability Rating

Custom Algorithm

spread: 1.4
impact: 7.5
exploitability: 3.5
remediation: 7.9
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.