Phoenix Contact CHARX SEC-3xxx Charging Controllers Unauthenticated API Configuration Modification Vulnerability

Vulnerability

A vulnerability exists in Phoenix Contact CHARX SEC-3xxx charging controllers in all firmware versions prior to 1.7.3. An unauthenticated adjacent attacker can modify the device's configuration by sending specific requests to an API endpoint. The endpoint is missing authentication, which allows unauthorized read and write access to the device's settings.

Impact

Exploitation of this vulnerability could lead to unauthorized modification of the device's configuration, potentially causing a complete loss of confidentiality, integrity, and availability.

Remediation

Users are advised to upgrade to firmware version 1.7.3, which addresses this vulnerability. For general security recommendations regarding network-enabled devices, refer to the Phoenix Contact Application Note Security.

Added: Jul 8, 2025, 7:37 AM
Updated: Jul 8, 2025, 7:37 AM

Vulnerability Rating

Custom Algorithm

spread: 1.4
impact: 0.6
exploitability: 4.9
remediation: 7.9
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.