VDE-2024-070
Vulnerability from csaf_phoenixcontactgmbhcokg - Published: 2025-01-14 11:00 - Updated: 2025-05-14 13:00
Summary
Phoenix Contact: Security Advisory for CHARX-SEC3xxx Charge controllers
Severity
High
Notes
Summary: Improper file permission handling allows an authenticated low privileged user to gain root access.
Impact: This vulnerability allows the authenticated user "user-app" to gain root rights (privilege escalation).
Mitigation: Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to General Recommendation.
Remediation: Phoenix Contact strongly recommends upgrading affected charge controllers to firmware version 1.7.0 or higher, which fixes this vulnerability.
General Recommendation: For general information and recommendations on security measures to protect network-enabled devices, refer to the application note: [Application Note Security](https://dam-mdc.phoenixcontact.com/asset/156443151564/0a870ae433c19148b80bd760f3a1c1f2/107913_en_03.pdf)
Product Description: CHARX control modular AC are charging controllers for mode 3 electric vehicle charging.
CVSS v3.1 base score: 8.8 (High), vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vendor Fix
Phoenix Contact strongly recommends upgrading affected charge controllers to firmware version 1.7.0 or higher, which fixes this vulnerability.
Workaround
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to General Recommendation.
References
Acknowledgments
CERTVDE
certvde.com
Tien Phan
Richard Jaletzki
{
"document": {
"acknowledgments": [
{
"organization": "CERTVDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"names": [
"Tien Phan",
"Richard Jaletzki"
],
"summary": "reporting"
}
],
"aggregate_severity": {
"namespace": "https://www.first.org/cvss/v3.1/specification-document#Qualitative-Severity-Rating-Scale",
"text": "high"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "Improper file permission handling allows an authenticated low privileged user to gain root access. ",
"title": "Summary"
},
{
"category": "description",
"text": "This vulnerability allows the authenticated user \"user-app\" to gain root rights (privilege escalation).",
"title": "Impact"
},
{
"category": "description",
"text": "Phoenix Contact recommends operating network-capable devices in closed networks or\nprotected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to General Recommendation.",
"title": "Mitigation"
},
{
"category": "description",
"text": "Phoenix Contact strongly recommends upgrading affected charge controllers to firmware\nversion 1.7.0 or higher which fixes this vulnerability.",
"title": "Remediation"
},
{
"category": "general",
"text": "For general information and recommendations on security measures to protect network-enabled\ndevices, refer to the application note: [Application Note Security](https://dam-mdc.phoenixcontact.com/asset/156443151564/0a870ae433c19148b80bd760f3a1c1f2/107913_en_03.pdf)",
"title": "General Recommendation"
},
{
"category": "description",
"text": "CHARX control modular AC are charging controllers for mode 3 electric vehicle charging. ",
"title": "Product Description"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@phoenixcontact.com",
"name": "Phoenix Contact GmbH \u0026 Co. KG",
"namespace": "https://phoenixcontact.com/psirt"
},
"references": [
{
"category": "external",
"summary": "PCSA-2024/00022: ",
"url": "https://phoenixcontact.com/psirt"
},
{
"category": "external",
"summary": "Phoenix Contact advisory overview at CERT@VDE",
"url": "https://certvde.com/de/advisories/vendor/phoenixcontact/"
},
{
"category": "external",
"summary": "Phoenix Contact application note",
"url": "https://dam-mdc.phoenixcontact.com/asset/156443151564/0a870ae433c19148b80bd760f3a1c1f2/107913_en_03.pdf"
},
{
"category": "self",
"summary": "VDE-2024-070: Phoenix Contact: Security Advisory for CHARX-SEC3xxx Charge controllers - HTML",
"url": "https://certvde.com/en/advisories/VDE-2024-070/"
},
{
"category": "self",
"summary": "VDE-2024-070: Phoenix Contact: Security Advisory for CHARX-SEC3xxx Charge controllers - CSAF",
"url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2024-070.json"
}
],
"title": "Phoenix Contact: Security Advisory for CHARX-SEC3xxx Charge controllers",
"tracking": {
"aliases": [
"VDE-2024-070",
"PCSA-2024/00022"
],
"current_release_date": "2025-05-14T13:00:14.000Z",
"generator": {
"date": "2024-12-09T08:33:17.510Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.15"
}
},
"id": "VDE-2024-070",
"initial_release_date": "2025-01-14T11:00:00.000Z",
"revision_history": [
{
"date": "2025-01-14T11:00:00.000Z",
"number": "1",
"summary": "initial revision"
},
{
"date": "2025-02-12T16:48:47.000Z",
"number": "2",
"summary": "Fix: corrected self-reference, fixed version"
},
{
"date": "2025-05-14T13:00:14.000Z",
"number": "3",
"summary": "Fix: added distribution"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "CHARX SEC-3000",
"product": {
"name": "CHARX SEC-3000",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"model_numbers": [
"1139022"
]
}
}
},
{
"category": "product_name",
"name": "CHARX SEC-3050",
"product": {
"name": "CHARX SEC-3050",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"model_numbers": [
"1139018"
]
}
}
},
{
"category": "product_name",
"name": "CHARX SEC-3100",
"product": {
"name": "CHARX SEC-3100",
"product_id": "CSAFPID-11003",
"product_identification_helper": {
"model_numbers": [
"1139012"
]
}
}
},
{
"category": "product_name",
"name": "CHARX SEC-3150",
"product": {
"name": "CHARX SEC-3150",
"product_id": "CSAFPID-11004",
"product_identification_helper": {
"model_numbers": [
"1138965"
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.7.0",
"product": {
"name": "Firmware \u003c1.7.0",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version",
"name": "1.7.0",
"product": {
"name": "Firmware 1.7.0",
"product_id": "CSAFPID-22001"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "Phoenix Contact"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
],
"summary": "Affected Products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004"
],
"summary": "Fixed Products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.7.0 installed on CHARX SEC-3000",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.7.0 installed on CHARX SEC-3050",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.7.0 installed on CHARX SEC-3100",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.7.0 installed on CHARX SEC-3150",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.7.0 installed on CHARX SEC-3000",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.7.0 installed on CHARX SEC-3050",
"product_id": "CSAFPID-32002"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.7.0 installed on CHARX SEC-3100",
"product_id": "CSAFPID-32003"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.7.0 installed on CHARX SEC-3150",
"product_id": "CSAFPID-32004"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11004"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-11497",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"notes": [
{
"category": "summary",
"text": "An authenticated attacker can use this vulnerability to perform a privilege escalation to gain root access.",
"title": "Summary"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
},
"release_date": "2025-01-14T10:00:00.000Z",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-01-14T11:00:00.000Z",
"details": "Phoenix Contact strongly recommends upgrading affected charge controllers to firmware\nversion 1.7.0 or higher which fixes this vulnerability.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "workaround",
"date": "2025-01-14T11:00:00.000Z",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or\nprotected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to General Recommendation.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
}
],
"title": "CVE-2024-11497"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.