PHOENIX CONTACT: Multiple vulnerabilities in CHARX SEC charge controllers

Act Now9.8VDE-2024-011Mar 12, 2024

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Multiple vulnerabilities have been discovered in CHARX SEC charge controller firmware (versions 1.5.0 and earlier) affecting models SEC-3000, SEC-3050, SEC-3100, and SEC-3150. The vulnerabilities include cleartext transmission (CWE-319), missing input validation (CWE-20), buffer overflows (CWE-787), unrestricted file uploads (CWE-434), command injection (CWE-77), and others. These allow remote unauthenticated network-based exploitation without user interaction. Phoenix Contact has released firmware v1.5.1 that addresses these issues and recommends operating these network-capable devices in closed networks or behind suitable firewalls.

What this means

What could happen

An attacker on the network could exploit multiple vulnerabilities to gain complete control of the CHARX SEC charge controller, potentially altering charging parameters, halting charging operations, or disrupting EV charging infrastructure availability.

Who's at risk

EV charging operators, fleet managers, and electric utilities deploying CHARX SEC charge controller models 3000/3050/3100/3150 for AC or DC charging infrastructure. This affects any organization relying on these controllers for vehicle charging operations.

How it could be exploited

An attacker with network access to a CHARX SEC device could send specially crafted network packets to exploit multiple flaws (CWE-319 cleartext transmission, CWE-787 buffer overflow, CWE-434 unrestricted file upload, CWE-77 command injection) without requiring authentication. This could lead to firmware modification, command execution, or process manipulation on the charge controller.

Prerequisites

Network reachability to the CHARX SEC device (direct or via shared network segment)
No valid credentials required for exploitation

remotely exploitableno authentication requiredlow complexityhigh CVSS score (9.8)multiple vulnerability classes

Affected products (4)

4 with fix

ProductAffected VersionsFix Status

CHARX SEC-3000≤ 1.5.0v1.5.1

CHARX SEC-3050≤ 1.5.0v1.5.1

CHARX SEC-3100≤ 1.5.0v1.5.1

CHARX SEC-3150≤ 1.5.0v1.5.1

Remediation & Mitigation

0/3

Do now

0/1

WORKAROUNDDeploy firewall rules to restrict network access to CHARX SEC devices, allowing only management traffic from authorized IP ranges

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate CHARX SEC charge controller firmware to version v1.5.1 or later

Long-term hardening

0/1

HARDENINGIsolate CHARX SEC devices on a protected network segment or closed network, unreachable from untrusted networks

CVEs (13)

CVE-2024-26288 CVE-2024-26005 CVE-2024-26004 CVE-2024-26003 CVE-2024-26002 CVE-2024-26001 CVE-2024-25995 CVE-2024-25994 CVE-2024-25997 CVE-2024-25996 CVE-2024-26000 CVE-2024-25999 CVE-2024-25998

View full CERT@VDE advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/0fd645e0-024b-47e3-b2df-ee1ac7875b53