VDE-2025-074
Vulnerability from csaf_phoenixcontactgmbhcokg - Published: 2025-10-14 10:00 - Updated: 2025-10-15 10:00Summary
Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers
Severity
High
Notes
Summary: A vulnerability in the firmware of CHARX SEC-3xxx charging controllers has been discovered.
Impact: The vulnerability can lead to a total loss of confidentiality, integrity and availability of the devices.
Mitigation: Affected charging controllers are designed and developed for the use in closed industrial networks. Phoenix Contact therefore strongly recommends using the devices exclusively in closed networks and protected by a suitable firewall.
Remediation: Phoenix Contact strongly recommends to upgrade to firmware version 1.7.4 which fixes vulnerability CVE-2025-41699
General Recommendation: For general information and recommendations on security measures to protect network-enabled devices, refer to the application note: [Application Note Security](https://dam-mdc.phoenixcontact.com/asset/156443151564/0a870ae433c19148b80bd760f3a1c1f2/107913_en_03.pdf).
Product Description: CHARX SEC EVSE charging controller
An low privileged remote attacker with an account for the Web-based management can change the system configuration to perform a command injection as root, resulting in a total loss of confidentiality, availability and integrity due to improper control of generation of code ('Code Injection').
8.8 (High)
Mitigation
This product was designed for use in closed industrial networks. Phoenix Contact strongly recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our [application note](https://dam-mdc.phoenixcontact.com/asset/156443151564/0a870ae433c19148b80bd760f3a1c1f2/107913_en_03.pdf).
References
Acknowledgments
CERTVDE
certvde.com/en/
Panasonic Holdings Corporation
Ryo Kato
Panasonic Holdings Corporation
Ryo Kato
{
"document": {
"acknowledgments": [
{
"organization": "CERTVDE",
"summary": "Coordination",
"urls": [
"https://certvde.com/en/"
]
},
{
"names": [
"Ryo Kato"
],
"organization": "Panasonic Holdings Corporation",
"summary": "Reporting."
}
],
"aggregate_severity": {
"namespace": "https://www.first.org/cvss/v3.1/specification-document#Qualitative-Severity-Rating-Scale",
"text": "High"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "A vulnerability in the firmware of CHARX SEC-3xxx charging controllers has been discovered.",
"title": "Summary"
},
{
"category": "description",
"text": "The vulnerability can lead to a total loss of confidentiality, integrity and availability of the devices.",
"title": "Impact"
},
{
"category": "description",
"text": "Affected charging controllers are designed and developed for the use in closed industrial networks. Phoenix Contact therefore strongly recommends using the devices exclusively in closed networks and protected by a suitable firewall.",
"title": "Mitigation"
},
{
"category": "description",
"text": "Phoenix Contact strongly recommends to upgrade to firmware version 1.7.4 which fixes vulnerability CVE-2025-41699",
"title": "Remediation"
},
{
"category": "general",
"text": "For general information and recommendations on security measures to protect network-enabled devices, refer to the application note: [Application Note Security](https://dam-mdc.phoenixcontact.com/asset/156443151564/0a870ae433c19148b80bd760f3a1c1f2/107913_en_03.pdf).",
"title": "General Recommendation"
},
{
"category": "description",
"text": "CHARX SEC EVSE charging controller",
"title": "Product Description"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@phoenixcontact.com",
"name": "Phoenix Contact GmbH \u0026 Co. KG",
"namespace": "https://phoenixcontact.com/psirt"
},
"references": [
{
"category": "external",
"summary": "PCSA-2025-00015",
"url": "https://phoenixcontact.com/psirt"
},
{
"category": "external",
"summary": "Phoenix Contact advisory overview at CERT@VDE",
"url": "https://certvde.com/de/advisories/vendor/phoenixcontact/"
},
{
"category": "self",
"summary": "VDE-2025-074: Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers - HTML",
"url": "https://certvde.com/en/advisories/VDE-2025-074"
},
{
"category": "self",
"summary": "VDE-2025-074: Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers - CSAF",
"url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-074.json"
},
{
"category": "external",
"summary": "Phoenix Contact application note",
"url": "https://dam-mdc.phoenixcontact.com/asset/156443151564/0a870ae433c19148b80bd760f3a1c1f2/107913_en_03.pdf"
}
],
"title": "Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers",
"tracking": {
"aliases": [
"VDE-2025-074",
"PCSA-2025-00015"
],
"current_release_date": "2025-10-15T10:00:00.000Z",
"generator": {
"date": "2025-10-15T10:17:52.680Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.35"
}
},
"id": "VDE-2025-074",
"initial_release_date": "2025-10-14T10:00:00.000Z",
"revision_history": [
{
"date": "2025-07-08T10:00:00.000Z",
"number": "1.0.0",
"summary": "Initial Revision"
},
{
"date": "2025-10-15T10:00:00.000Z",
"number": "1.1.0",
"summary": "Updated the reporting credits, corrected reference token for one product, fixed typo in Document notes"
}
],
"status": "final",
"version": "1.1.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "CHARX SEC-3150",
"product": {
"name": "CHARX SEC-3150",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"model_numbers": [
"1138965"
]
}
}
},
{
"category": "product_name",
"name": "CHARX SEC-3100",
"product": {
"name": "CHARX SEC-3100",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"model_numbers": [
"1139012"
]
}
}
},
{
"category": "product_name",
"name": "CHARX SEC-3050",
"product": {
"name": "CHARX SEC-3050",
"product_id": "CSAFPID-11003",
"product_identification_helper": {
"model_numbers": [
"1139018"
]
}
}
},
{
"category": "product_name",
"name": "CHARX SEC-3000",
"product": {
"name": "CHARX SEC-3000",
"product_id": "CSAFPID-11004",
"product_identification_helper": {
"model_numbers": [
"1139022"
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cFW 1.7.4",
"product": {
"name": "Firmware \u003c FW 1.7.4",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version",
"name": "FW 1.7.4",
"product": {
"name": "Firmware 1.7.4",
"product_id": "CSAFPID-22001"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "Phoenix Contact"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
],
"summary": "Affected products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004"
],
"summary": "Fixed products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "FW \u003c1.7.4 installed on CHARX SEC-3150",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "FW \u003c1.7.4 installed on CHARX SEC-3100",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "FW \u003c1.7.4 installed on CHARX SEC-3050",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "FW \u003c1.7.4 installed on CHARX SEC-3000",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "FW 1.7.4 installed on CHARX SEC-3150",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "FW 1.7.4 installed on CHARX SEC-3100",
"product_id": "CSAFPID-32002"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "FW 1.7.4 installed on CHARX SEC-3050",
"product_id": "CSAFPID-32003"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "FW 1.7.4 installed on CHARX SEC-3000",
"product_id": "CSAFPID-32004"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11004"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Ryo Kato"
],
"organization": "Panasonic Holdings Corporation",
"summary": "reporting."
}
],
"cve": "CVE-2025-41699",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"notes": [
{
"category": "description",
"text": "An low privileged remote attacker with an account for the Web-based management can change the system configuration to perform a command injection as root, resulting in a total loss of confidentiality, availability and integrity due to improper control of generation of code (\u0027Code Injection\u0027).",
"title": "Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
},
"remediations": [
{
"category": "mitigation",
"details": "This product was designed for use in closed industrial networks. Phoenix Contact strongly recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our [application note](https://dam-mdc.phoenixcontact.com/asset/156443151564/0a870ae433c19148b80bd760f3a1c1f2/107913_en_03.pdf). ",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
}
],
"title": "CVE-2025-41699"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…