CVE-2024-26000

MEDIUM

Phoenixcontact Charx Sec-3000 Firmware < 1.5.1 - Out-of-Bounds Read

Title source: rule

Description

An unauthenticated remote attacker can read memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful because of memory randomization.

References (1)

Core 1

Core References

Third Party Advisory

https://cert.vde.com/en/advisories/VDE-2024-011

Scores

CVSS v3 5.9

EPSS 0.0018

EPSS Percentile 38.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-125

Status published

Products (4)

phoenixcontact/charx_sec-3000_firmware < 1.5.1

phoenixcontact/charx_sec-3050_firmware < 1.5.1

phoenixcontact/charx_sec-3100_firmware < 1.5.1

phoenixcontact/charx_sec-3150_firmware < 1.5.1

Published Mar 12, 2024

Tracked Since Feb 18, 2026