7.5

CVE-2026-41032

Phoenix Contact: Unauthenticated log download vulnerability in the firmware of CHARX SEC-3xxx charging controllers

It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerPhoenix Contact
Produkt CHARX SEC-3150
Default Statusunaffected
Version 1.0.0
Version < 1.9.0
Status affected
HerstellerPhoenix Contact
Produkt CHARX SEC-3100
Default Statusunaffected
Version 1.0.0
Version < 1.9.0
Status affected
HerstellerPhoenix Contact
Produkt CHARX SEC-3050
Default Statusunaffected
Version 1.0.0
Version < 1.9.0
Status affected
HerstellerPhoenix Contact
Produkt CHARX SEC-3000
Default Statusunaffected
Version 1.0.0
Version < 1.9.0
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.26% 0.171
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
info@cert.vde.com 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-060.json
https://certvde.com/de/advisories/VDE-2026-060/