7.5
CVE-2026-41032
- EPSS 0.26%
- Veröffentlicht 03.06.2026 10:16:16
- Zuletzt bearbeitet 04.06.2026 15:16:58
- Quelle info@cert.vde.com
- CVE-Watchlists
- Unerledigt
Phoenix Contact: Unauthenticated log download vulnerability in the firmware of CHARX SEC-3xxx charging controllers
It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerPhoenix Contact
≫
Produkt
CHARX SEC-3150
Default Statusunaffected
Version
1.0.0
Version <
1.9.0
Status
affected
HerstellerPhoenix Contact
≫
Produkt
CHARX SEC-3100
Default Statusunaffected
Version
1.0.0
Version <
1.9.0
Status
affected
HerstellerPhoenix Contact
≫
Produkt
CHARX SEC-3050
Default Statusunaffected
Version
1.0.0
Version <
1.9.0
Status
affected
HerstellerPhoenix Contact
≫
Produkt
CHARX SEC-3000
Default Statusunaffected
Version
1.0.0
Version <
1.9.0
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.26% | 0.171 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| info@cert.vde.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-060.json
https://certvde.com/de/advisories/VDE-2026-060/