Primary

Context

Phoenix Contact CHARX SEC-3xxx Charging Controllers Privilege Escalation Vulnerability

Vulnerability

Patched

A vulnerability exists in Phoenix Contact CHARX SEC-3xxx charging controllers, specifically in versions through 1.6.5 and prior to 1.7.3. This vulnerability allows low-privileged local attackers to exploit insecure SSH permissions on the affected devices, leading to unauthorized privilege escalation to root.

Impact

Exploitation of this vulnerability results in unauthorized root access on the affected device.

Remediation

Users are advised to upgrade to firmware version 1.7.3, which addresses vulnerabilities CVE-2025-24005 and CVE-2025-24006. For general security recommendations, refer to the Phoenix Contact Application Note Security.

Added: Jul 8, 2025, 7:39 AM

Updated: Jul 8, 2025, 7:39 AM

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

7.5

exploitability

3.5

remediation

7.9

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

7.5

exploitability

3.5

remediation

7.9

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Phoenix Contact CHARX SEC-3xxx Charging Controllers Privilege Escalation Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Phoenix Contact CHARX SEC-3000

Phoenix Contact CHARX SEC-3050

Phoenix Contact CHARX SEC-3100

Phoenix Contact CHARX SEC-3150

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating