{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      },
      {
        "names": [
          "Alex Olson, \"gadha\""
        ],
        "organization": "Trend Micro's Zero Day Initiative",
        "summary": "reporting",
        "urls": [
          "https://www.zerodayinitiative.com/"
        ]
      },
      {
        "names": [
          "McCaulay Hudson",
          "Alexander Plaskett"
        ],
        "organization": "NCC Group",
        "summary": "reporting",
        "urls": [
          "https://www.nccgroup.com/"
        ]
      }
    ],
    "aggregate_severity": {
      "namespace": "https://www.first.org/cvss/v3.1/specification-document#Qualitative-Severity-Rating-Scale",
      "text": "high"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "The start sequence of the firewall service leaves a window during the boot process in which the device can be attacked. The \"user-app\" password is reset to its default value when the device undergoes a firmware upgrade.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "The first vulnerability may allow an attacker within the network to change the device configuration through an unauthenticated internal service before the firewall is started during the boot process. The second vulnerability may allow an attacker with access to the device's LAN interface to use the firmware update feature to reset the \"user-app\" account's password to the default value that is documented in the product documentation. The user \"user-app\" has limited access rights.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "Phoenix Contact recommends operating network-capable devices in closed networks or\nbehind a suitable firewall. Note that the device's own firewall is not yet active during the vulnerable boot window, so this protection must be provided by the surrounding network. For detailed information on our recommendations for measures to protect network-capable devices, please refer to General Recommendation.",
        "title": "Mitigation"
      },
      {
        "category": "description",
        "text": "Phoenix Contact strongly recommends upgrading affected charge controllers to firmware\nversion 1.6.3 or higher, which fixes these vulnerabilities. Because a firmware upgrade on affected versions may reset the \"user-app\" password to its documented default, verify that password after the upgrade and change it if it is still the default.",
        "title": "Remediation"
      },
      {
        "category": "general",
        "text": "For general information and recommendations on security measures to protect network-enabled\ndevices, refer to the application note: [Application Note Security](https://dam-mdc.phoenixcontact.com/asset/156443151564/0a870ae433c19148b80bd760f3a1c1f2/107913_en_03.pdf)",
        "title": "General Recommendation"
      },
      {
        "category": "description",
        "text": "CHARX control modular AC devices (CHARX SEC-3000, SEC-3050, SEC-3100 and SEC-3150) are charge controllers for Mode 3 electric vehicle charging.",
        "title": "Product Description"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@phoenixcontact.com",
      "name": "Phoenix Contact GmbH & Co. KG",
      "namespace": "https://phoenixcontact.com/psirt"
    },
    "references": [
      {
        "category": "external",
        "summary": "2024/00003: Phoenix Contact PSIRT advisory",
        "url": "https://phoenixcontact.com/psirt"
      },
      {
        "category": "external",
        "summary": "Phoenix Contact advisory overview at CERT@VDE",
        "url": "https://certvde.com/de/advisories/vendor/phoenixcontact/"
      },
      {
        "category": "external",
        "summary": "Phoenix Contact application note",
        "url": "https://dam-mdc.phoenixcontact.com/asset/156443151564/0a870ae433c19148b80bd760f3a1c1f2/107913_en_03.pdf"
      },
      {
        "category": "self",
        "summary": "VDE-2024-022: Phoenix Contact: Security Advisory for CHARX-SEC3xxx Charge controllers - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2024-022/"
      },
      {
        "summary": "VDE-2024-022: Phoenix Contact: Security Advisory for CHARX-SEC3xxx Charge controllers - CSAF",
        "url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2024/vde-2024-022.json",
        "category": "self"
      }
    ],
    "title": "Phoenix Contact: Security Advisory for CHARX-SEC3xxx Charge controllers",
    "tracking": {
      "aliases": [
        "VDE-2024-022",
        "2024/00003"
      ],
      "current_release_date": "2025-08-27T10:00:00.000Z",
      "generator": {
        "date": "2025-08-28T07:35:50.642Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.34"
        }
      },
      "id": "VDE-2024-022",
      "initial_release_date": "2024-08-13T10:00:00.000Z",
      "revision_history": [
        {
          "date": "2024-08-13T10:00:00.000Z",
          "number": "1.0.0",
          "summary": "initial revision"
        },
        {
          "summary": "Fix: typo in version",
          "date": "2025-03-14T11:30:00.000Z",
          "number": "1.0.1"
        },
        {
          "number": "1.0.2",
          "summary": "Fix: added distribution, quotation mark",
          "date": "2025-05-22T13:03:10.000Z"
        },
        {
          "summary": "Update: CWE from CVE-2024-6788, Revision History",
          "number": "1.1.2",
          "date": "2025-08-27T10:00:00.000Z"
        }
      ],
      "status": "final",
      "version": "1.1.2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "CHARX SEC-3000",
                "product": {
                  "name": "CHARX SEC-3000",
                  "product_id": "CSAFPID-11001",
                  "product_identification_helper": {
                    "model_numbers": [
                      "1139022"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "CHARX SEC-3050",
                "product": {
                  "name": "CHARX SEC-3050",
                  "product_id": "CSAFPID-11002",
                  "product_identification_helper": {
                    "model_numbers": [
                      "1139018"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "CHARX SEC-3100",
                "product": {
                  "name": "CHARX SEC-3100",
                  "product_id": "CSAFPID-11003",
                  "product_identification_helper": {
                    "model_numbers": [
                      "1139012"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "CHARX SEC-3150",
                "product": {
                  "name": "CHARX SEC-3150",
                  "product_id": "CSAFPID-11004",
                  "product_identification_helper": {
                    "model_numbers": [
                      "1138965"
                    ]
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "<1.6.3",
                "product": {
                  "name": "Firmware <1.6.3",
                  "product_id": "CSAFPID-21001"
                }
              },
              {
                "category": "product_version",
                "name": "1.6.3",
                "product": {
                  "name": "Firmware 1.6.3",
                  "product_id": "CSAFPID-22001"
                }
              }
            ],
            "category": "product_family",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "Phoenix Contact"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004"
        ],
        "summary": "Affected Products."
      },
      {
        "group_id": "CSAFGID-0002",
        "product_ids": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004"
        ],
        "summary": "Fixed Products."
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware <1.6.3 installed on CHARX SEC-3000",
          "product_id": "CSAFPID-31001"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware <1.6.3 installed on CHARX SEC-3050",
          "product_id": "CSAFPID-31002"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware <1.6.3 installed on CHARX SEC-3100",
          "product_id": "CSAFPID-31003"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware <1.6.3 installed on CHARX SEC-3150",
          "product_id": "CSAFPID-31004"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.6.3 installed on CHARX SEC-3000",
          "product_id": "CSAFPID-32001"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.6.3 installed on CHARX SEC-3050",
          "product_id": "CSAFPID-32002"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.6.3 installed on CHARX SEC-3100",
          "product_id": "CSAFPID-32003"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.6.3 installed on CHARX SEC-3150",
          "product_id": "CSAFPID-32004"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11004"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-3913",
      "cwe": {
        "id": "CWE-552",
        "name": "Files or Directories Accessible to External Parties"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An unauthenticated remote attacker can use this vulnerability to change the device configuration, because a file is writable for a short time after system startup, before the firewall service has started.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004"
        ]
      },
      "release_date": "2024-08-13T10:00:00.000Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Phoenix Contact strongly recommends upgrading affected charge controllers to firmware\nversion 1.6.3 or higher, which fixes these vulnerabilities. Because a firmware upgrade on affected versions may reset the \"user-app\" password to its documented default, verify that password after the upgrade and change it if it is still the default.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "workaround",
          "details": "Phoenix Contact recommends operating network-capable devices in closed networks or\nbehind a suitable firewall. Note that the device's own firewall is not yet active during the vulnerable boot window, so this protection must be provided by the surrounding network. For detailed information on our recommendations for measures to protect network-capable devices, please refer to General Recommendation.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "environmentalScore": 7.5,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004"
          ]
        }
      ],
      "title": "CVE-2024-3913"
    },
    {
      "cve": "CVE-2024-6788",
      "cwe": {
        "id": "CWE-1392",
        "name": "Use of Default Credentials"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A remote unauthenticated attacker can use the firmware update feature on the LAN interface of the device to reset the password for the predefined, low-privileged user 'user-app' to the default password.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004"
        ]
      },
      "release_date": "2024-08-13T10:00:00.000Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Phoenix Contact strongly recommends upgrading affected charge controllers to firmware\nversion 1.6.3 or higher, which fixes these vulnerabilities. Because a firmware upgrade on affected versions may reset the \"user-app\" password to its documented default, verify that password after the upgrade and change it if it is still the default.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "workaround",
          "details": "Phoenix Contact recommends operating network-capable devices in closed networks or\nbehind a suitable firewall. Note that the device's own firewall is not yet active during the vulnerable boot window, so this protection must be provided by the surrounding network. For detailed information on our recommendations for measures to protect network-capable devices, please refer to General Recommendation.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "environmentalScore": 8.6,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 8.6,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004"
          ]
        }
      ],
      "title": "CVE-2024-6788"
    }
  ]
}