Phoenix Contact CHARX SEC-3xxx Charging Controllers Code Injection Vulnerability

Vulnerability

A code injection vulnerability has been identified in the web-based management interface of Phoenix Contact CHARX SEC-3xxx charging controllers, including the SEC-3000, SEC-3050, SEC-3100, and SEC-3150 models, all running firmware prior to 1.7.4. It allows low-privileged remote attackers to manipulate system configurations and execute commands with root privileges. Exploitation leads to a complete compromise of the devices' confidentiality, integrity, and availability.

Impact

Exploitation of this vulnerability allows for command injection as root, causing a total loss of confidentiality, integrity, and availability on the affected devices.

Remediation

Users are advised to upgrade to firmware version 1.7.4, which addresses this vulnerability. For general security recommendations, refer to the Phoenix Contact application note on security measures for network-enabled devices.

Added: Oct 14, 2025, 9:18 AM
Updated: Oct 14, 2025, 9:18 AM

Vulnerability Rating

Custom Algorithm

spread: 1.4
impact: 7.5
exploitability: 4.9
remediation: 7.9
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.