Phoenixcontact: >> Charx Sec-3100 Firmware >> 1.7.1 Security Vulnerabilities
An unauthenticated remote attacker can alter the device configuration in a way to get remote code execution as root with specific configurations.
CVSS Score
9.8
EPSS Score
0.003
Published
2025-07-08
An unauthenticated adjacent attacker is able to configure a new OCPP backend, due to insecure defaults for the configuration interface.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-07-08
A local attacker with a local user account can leverage a vulnerable script via SSH to escalate privileges to root due to improper input validation.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-07-08
A low privileged local attacker can leverage insecure permissions via SSH on the affected devices to escalate privileges to root.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-07-08
An unauthenticated adjacent attacker can modify configuration by sending specific requests to an API-endpoint resulting in read and write access due to missing authentication.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-07-08
An unauthenticated local attacker can inject a command that is subsequently executed as root, leading to a privilege escalation.
CVSS Score
8.4
EPSS Score
0.001
Published
2025-07-08