Phoenix Contact: Security Advisory for CHARX-SEC3xxx Charge controllers

Priority: Plan patch
CVSS: 8.8
Advisory ID: VDE-2024-070
Published: Jan 14, 2025
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

Improper file permission handling in Phoenix Contact CHARX SEC-3xxx charge controllers (all versions below 1.7.0) allows an authenticated low-privileged user to escalate privileges to root level. Any user holding valid low-privilege credentials on the device can exploit this privilege escalation vulnerability. Weakness class: CWE-732 (Incorrect Permission Assignment for Critical Resource).

What this means
What could happen
A low-privileged user with network or physical access to the charge controller could escalate their privileges to root level, allowing them to modify charging profiles, disable safety interlocks, or shut down the charging system entirely.
Who's at risk
Electric vehicle charging station operators and fleet charging network administrators using Phoenix Contact CHARX SEC-3xxx series charge controllers. This affects both DC fast charging (SEC-3100/3150) and AC charging (SEC-3000/3050) applications in public, fleet, and infrastructure charging networks.
How it could be exploited
An attacker with valid low-privilege credentials (or who gains them via phishing or default account discovery) connects to the charge controller's network interface and exploits improper file permissions to escalate to root access. Once at root level, they can execute arbitrary commands to manipulate the charging system's operation or disable protective functions.
Prerequisites
  • Valid low-privilege user account on the charge controller
  • Network connectivity to the charge controller management interface
Tags: remotely exploitable; low complexity; authentication required but at low privilege level; affects charging system availability and safety interlocks
Affected products (4), all with a fix available

Product          Affected Versions   Fix Status
CHARX SEC-3000   < 1.7.0             fixed in 1.7.0
CHARX SEC-3050   < 1.7.0             fixed in 1.7.0
CHARX SEC-3100   < 1.7.0             fixed in 1.7.0
CHARX SEC-3150   < 1.7.0             fixed in 1.7.0
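As an added example (not part of the advisory and not Phoenix Contact tooling), a small Python triage helper that checks an asset inventory against the affected-product table above, comparing firmware versions numerically rather than as strings so that a version such as 1.10.0 is correctly ranked above the 1.7.0 fix; the inventory format, asset ids and sample versions are constructed assumptions.

```python
"""Added triage helper (not from the advisory or Phoenix Contact): flags
inventory entries for CHARX SEC-3xxx controllers running firmware below 1.7.0."""
import re

# Affected models and the fixed firmware version, taken from the advisory table.
FIXED_VERSION = "1.7.0"
AFFECTED_MODELS = {"CHARX SEC-3000", "CHARX SEC-3050",
                   "CHARX SEC-3100", "CHARX SEC-3150"}


def parse_version(text):
    """Turn '1.6.12' into (1, 6, 12) so comparison is numeric.

    A plain string comparison would wrongly rank '1.10.0' below '1.7.0'."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(x or 0) for x in m.groups())


def needs_hotfix(model, firmware):
    """True when the model is in scope for this advisory and runs firmware below 1.7.0."""
    return (model in AFFECTED_MODELS
            and parse_version(firmware) < parse_version(FIXED_VERSION))


def triage(inventory):
    """inventory: iterable of (asset_id, model, firmware) tuples (assumed format).
    Returns the asset ids that still require the firmware upgrade."""
    return [asset for asset, model, fw in inventory if needs_hotfix(model, fw)]


# Constructed sample inventory, not real device data.
SAMPLE_INVENTORY = [
    ("evse-01", "CHARX SEC-3100", "1.6.12"),  # affected, below fix
    ("evse-02", "CHARX SEC-3150", "1.7.0"),   # exactly the fixed version
    ("evse-03", "CHARX SEC-3000", "v1.10.0"), # above fix; string compare would misjudge
    ("evse-04", "CHARX SEC-3050", "1.5"),     # two-part version, still below fix
    ("plc-07", "OTHER MODEL", "1.2.0"),       # out of scope for this advisory
]

if __name__ == "__main__":
    for asset in triage(SAMPLE_INVENTORY):
        print(f"{asset}: schedule upgrade to firmware {FIXED_VERSION} or higher")
```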
Remediation & Mitigation

Do now
  • HARDENING: Deploy a firewall to restrict access to the charge controller management interface to authorized engineering networks only
  • HARDENING: Audit existing low-privilege accounts on all affected charge controllers and remove unused accounts

Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
  • HOTFIX (CHARX SEC-3000 and the other listed models): Upgrade CHARX SEC-3000, SEC-3050, SEC-3100, and SEC-3150 charge controllers to firmware version 1.7.0 or higher

Long-term hardening
  • HARDENING: Place charge controllers in a closed network segment isolated from untrusted networks
Source: OTPulse advisory page (CVSS 8.8)