Primary

Context

Phoenix Contact CHARX SEC-3xxx Charging Controllers Unauthenticated Log Download Vulnerability

Vulnerability

Patched

A vulnerability exists in the firmware of Phoenix Contact CHARX SEC-3xxx charging controllers, allowing unauthenticated adjacent attackers to download log files from the controller. This could lead to the disclosure of restricted information. The vulnerability affects CHARX SEC-3000, SEC-3050, SEC-3100, and SEC-3150 models, all running firmware prior to 1.9.0.

Impact

Exploitation of this vulnerability could result in the unauthorized disclosure of sensitive information from the affected charging controller's log files.

Remediation

Users are advised to upgrade to firmware version 1.9.0, which addresses this vulnerability. For general security recommendations regarding network-enabled devices, refer to the Phoenix Contact Application Note Security.

Added: Jun 3, 2026, 11:21 AM

Updated: Jun 3, 2026, 11:21 AM

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

0.6

exploitability

4.9

remediation

7.9

relevance

9.9

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

0.6

exploitability

4.9

remediation

7.9

relevance

9.9

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Phoenix Contact CHARX SEC-3xxx Charging Controllers Unauthenticated Log Download Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Phoenix Contact CHARX SEC-3000

Phoenix Contact CHARX SEC-3050

Phoenix Contact CHARX SEC-3100

Phoenix Contact CHARX SEC-3150

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating