CVE-2024-26000

MEDIUM

CHARX SEC-3000/3050/3100/3150 Firmware < 1.5.1 - Unauthenticated Out-of-bounds Read in MQTT Stack

Title source: llm

Description

An unauthenticated remote attacker can read memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful because of memory randomization.

References (1)

Core 1

Core References

Third Party Advisory

https://cert.vde.com/en/advisories/VDE-2024-011

Scores

CVSS v3 5.9

EPSS 0.0081

EPSS Percentile 52.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-125

Status published

Products (4)

phoenixcontact/charx_sec-3000_firmware < 1.5.1

phoenixcontact/charx_sec-3050_firmware < 1.5.1

phoenixcontact/charx_sec-3100_firmware < 1.5.1

phoenixcontact/charx_sec-3150_firmware < 1.5.1

Published Mar 12, 2024

Tracked Since Feb 18, 2026