Phoenix Contact: Multiple vulnerabilities in the Firmware of CHARX SEC charge controllers

Plan Patch
CVSS: 7.8
VDE-2024-019
May 14, 2024
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

Multiple vulnerabilities exist in the CHARX SEC-3000, SEC-3050, SEC-3100, and SEC-3150 charge controllers with firmware version 1.5.1 and earlier. The vulnerabilities include race conditions (CWE-367), improper input validation (CWE-20), cleartext transmission of sensitive data (CWE-319), and untrusted search path issues (CWE-426). These vulnerabilities affect the firmware of network-capable charge controllers.

What this means
What could happen
An attacker with local network access to a CHARX SEC charge controller could execute code with elevated privileges, compromising the integrity and availability of charging operations and potentially exposing sensitive authentication credentials transmitted in cleartext.
Who's at risk
Organizations operating electric vehicle charging infrastructure with Phoenix Contact CHARX SEC charge controllers. This includes municipal utilities, public charging networks, fleet operators, and facilities managing EV charging stations. The vulnerability affects all CHARX SEC models (3000, 3050, 3100, 3150) running firmware 1.5.1 or earlier.
How it could be exploited
An attacker on the same network as a CHARX SEC charge controller could exploit input validation flaws or race conditions in the firmware to gain unauthorized access or execute arbitrary code on the device. Unencrypted credential transmission could also allow credential theft via network sniffing. This could lead to unauthorized control of charging sessions or disruption of EV charging service.
Prerequisites
  • Network access to the CHARX SEC charge controller (local network or via remote connection if exposed)
  • User-level or above privileges on the device
  • Ability to send specially crafted input to vulnerable firmware functions
High CVSS score (7.8) | Multiple vulnerability types | Affects safety-adjacent systems (charging infrastructure) | Cleartext credential transmission | Low authentication complexity
Affected products (4)
4 with fix
Product          Affected Versions   Fix Status
CHARX SEC-3000   ≤ 1.5.1             1.6
CHARX SEC-3050   ≤ 1.5.1             1.6
CHARX SEC-3100   ≤ 1.5.1             1.6
CHARX SEC-3150   ≤ 1.5.1             1.6
Remediation & Mitigation
Do now
HARDENING: Place CHARX SEC charge controllers on a dedicated, isolated network or VLAN separate from critical operational networks
HARDENING: Implement firewall rules to restrict network access to CHARX SEC charge controllers, allowing only connections from authorized management and user interfaces
WORKAROUND: Disable remote management access to charge controllers if not required for operations; restrict to local network access only
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade all CHARX SEC charge controllers (SEC-3000, SEC-3050, SEC-3100, SEC-3150) to firmware version 1.6 or later