VDE-2024-070
Last update
14.05.2025 15:00
Published at
14.01.2025 12:00
Vendor(s)
Phoenix Contact GmbH & Co. KG
External ID
VDE-2024-070
CSAF Document
Summary
Improper file permission handling allows an authenticated low privileged user to gain root access.
Impact
This vulnerability allows the authenticated user "user-app" to gain root rights (privilege escalation).
Affected Product(s)
| Model no. | Product name | Affected versions |
|---|---|---|
| 1139022 | CHARX SEC-3000 | Firmware <1.7.0 |
| 1139018 | CHARX SEC-3050 | Firmware <1.7.0 |
| 1139012 | CHARX SEC-3100 | Firmware <1.7.0 |
| 1138965 | CHARX SEC-3150 | Firmware <1.7.0 |
Vulnerabilities
Expand / Collapse all
Published
24.09.2025 12:38
Severity
Weakness
Incorrect Permission Assignment for Critical Resource (CWE-732)
References
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or
protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to General Recommendation.
Remediation
Phoenix Contact strongly recommends upgrading affected charge controllers to firmware
version 1.7.0 or higher which fixes this vulnerability.
Acknowledgments
Phoenix Contact GmbH & Co. KG thanks the following parties for their efforts:
- CERTVDE for coordination (see https://certvde.com )
- Tien Phan, Richard Jaletzki from for reporting
Revision History
| Version | Date | Summary |
|---|---|---|
| 1 | 14.01.2025 12:00 | initial revision |
| 2 | 12.02.2025 17:48 | Fix: corrected self-reference, fixed version |
| 3 | 14.05.2025 15:00 | Fix: added distribution |