Phoenixcontact ≫ Charx Sec-3000 Firmware

An unauthenticated remote attacker can use this vulnerability to change the device configuration due to a file writeable for short time after system startup.

A local attacker with low privileges can perform a privilege escalation with an init script due to a TOCTOU vulnerability.

A local attacker with low privileges can use a command injection vulnerability to gain root privileges due to improper input validation using the OCPP Remote service.

A low privileged remote attacker can use a command injection vulnerability in the API which performs remote code execution as the user-app user due to improper input validation. The confidentiality is partly affected.

An unauthenticated remote attacker can extract a session token with a MitM attack and gain web-based management access with the privileges of the currently logged in user due to cleartext...

A local low privileged attacker can use an untrusted search path in a CHARX system utility to gain root privileges. 

An unauthenticated remote attacker can influence the communication due to the lack of encryption of sensitive data via a MITM. Charging is not affected.

An unauthenticated remote attacker can gain service level privileges through an incomplete cleanup during service restart after a DoS. 

An unauthenticated remote attacker can DoS a control agent due to access of a uninitialized pointer which may prevent or disrupt the charging functionality.

An unauthenticated remote attacker can DoS the control agent due to a out-of-bounds read which may prevent or disrupt the charging functionality.