Shodan
Vulnerabilities
Vulnerable Software
Phoenixcontact:  >> Charx Sec-3100 Firmware  >> 1.6.2  Security Vulnerabilities
CVE-2025-25270
An unauthenticated remote attacker can alter the device configuration in a way to get remote code execution as root with specific configurations.
CVSS Score
9.8
EPSS Score
0.002
Published
2025-07-08
CVE-2025-25271
An unauthenticated adjacent attacker is able to configure a new OCPP backend, due to insecure defaults for the configuration interface.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-07-08
CVE-2025-24004
A physical attacker with access to the device display via USB-C can send a message to the device which triggers an unsecure copy to a buffer resulting in loss of integrity and a temporary denial-of-service for the stations until they got restarted by the watchdog.
CVSS Score
5.2
EPSS Score
0.0
Published
2025-07-08
CVE-2025-24005
A local attacker with a local user account can leverage a vulnerable script via SSH to escalate privileges to root due to improper input validation.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-07-08
CVE-2025-24006
A low privileged local attacker can leverage insecure permissions via SSH on the affected devices to escalate privileges to root.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-07-08
CVE-2025-25268
An unauthenticated adjacent attacker can modify configuration by sending specific requests to an API-endpoint resulting in read and write access due to missing authentication.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-07-08
CVE-2025-25269
An unauthenticated local attacker can inject a command that is subsequently executed as root, leading to a privilege escalation.
CVSS Score
8.4
EPSS Score
0.0
Published
2025-07-08
CVE-2025-24002
An unauthenticated remote attacker can use MQTT messages to crash a service on charging stations complying with German Calibration Law, resulting in a temporary denial-of-service for these stations until they got restarted by the watchdog.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-07-08
CVE-2025-24003
An unauthenticated remote attacker can use MQTT messages to trigger out-of-bounds writes in charging stations complying with German Calibration Law, resulting in a loss of integrity for only EichrechtAgents and potential denial-of-service for these stations.
CVSS Score
8.2
EPSS Score
0.001
Published
2025-07-08
CVE-2024-6788
A remote unauthenticated attacker can use the firmware update feature on the LAN interface of the device to reset the password for the predefined, low-privileged user “user-app” to the default password.
CVSS Score
8.6
EPSS Score
0.014
Published
2024-08-13


Products
Pricing
Contact Us

Shodan ® - All rights reserved