CVE-2024-26001

HIGH

CHARX SEC-3000/3050/3100/3150 Firmware < 1.5.1 - Unauthenticated Out-of-bounds Write via MQTT Stack

Title source: llm

Description

An unauthenticated remote attacker can write memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful because of memory randomization.

References (1)

Core 1

Core References

Third Party Advisory

https://cert.vde.com/en/advisories/VDE-2024-011

Scores

CVSS v3 7.4

EPSS 0.0087

EPSS Percentile 54.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-787

Status published

Products (4)

phoenixcontact/charx_sec-3000_firmware < 1.5.1

phoenixcontact/charx_sec-3050_firmware < 1.5.1

phoenixcontact/charx_sec-3100_firmware < 1.5.1

phoenixcontact/charx_sec-3150_firmware < 1.5.1

Published Mar 12, 2024

Tracked Since Feb 18, 2026