OTPulse

Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers

Plan PatchCVSS 8.2VDE-2025-014Jul 8, 2025
Phoenix Contact
Attack path
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

Multiple vulnerabilities exist in Phoenix Contact CHARX SEC-3xxx charging controller firmware versions 1.6.5 and earlier. CVE-2025-24005 and CVE-2025-24006 are remotely exploitable via network without authentication and can cause integrity issues (altered charging behavior) and high availability impact (denial of service). Input validation flaws (CWE-20) and buffer overflow issues (CWE-120) allow unauthenticated network attackers to send malicious input. Three additional vulnerabilities (CVE-2025-24002, CVE-2025-24003, CVE-2025-24004) affecting Eichrecht metering compliance have no vendor fix planned. Phoenix Contact recommends upgrading to firmware 1.7.3 for CVE-2025-24005 and 24006, and operating these devices in closed networks protected by firewalls.

What this means
What could happen
An attacker with network access to a CHARX SEC-3xxx charging controller could alter charge rates or stop charging operations, and could prevent proper billing and metering compliance. Some vulnerabilities affecting Eichrecht (calibration/metering) compliance have no planned fixes.
Who's at risk
Electric utilities and charging station operators managing Phoenix Contact CHARX SEC-3xxx charging controllers are affected. This includes all organizations operating EV charging infrastructure, public charging networks, workplace charging, and fleet charging facilities that use these controllers.
How it could be exploited
An attacker on the network can send specially crafted requests to the device (CVE-2025-24005, CVE-2025-24006) to trigger input validation or buffer overflow flaws. The attacker does not need credentials or user interaction. By exploiting these flaws, the attacker can alter device behavior or crash the charging controller, disrupting EV charging operations or metering functions.
Prerequisites
  • Network access to the CHARX SEC-3xxx device (typically port 80/443 for web interface or proprietary charging protocol port)
  • Device running vulnerable firmware version 1.6.5 or earlier (or any version before 1.7.3 for CVE-2025-24005/24006)
  • No authentication required to send malicious input
Remotely exploitable without authenticationLow attack complexityInput validation and buffer overflow flawsHigh availability impact (charging operations disruption)Some vulnerabilities have no vendor fix plannedAffects critical metering/billing functions (Eichrecht compliance)
Exploitability
Unlikely to be exploited — EPSS score 0.4%
Affected products (6)
6 with fix
ProductAffected VersionsFix Status
CHARX SEC-3050≤ FW 1.6.51.7.3
CHARX SEC-3050<FW 1.7.31.7.3
CHARX SEC-3000≤ FW 1.6.51.7.3
CHARX SEC-3000<FW 1.7.31.7.3
CHARX SEC-3150≤ FW 1.6.51.7.3
CHARX SEC-3150<FW 1.7.31.7.3
Remediation & Mitigation
0/4
Do now
0/1
WORKAROUNDRestrict network access to CHARX SEC-3xxx devices using firewall rules to allow traffic only from trusted engineering workstations and management systems
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade CHARX SEC-3xxx devices to firmware version 1.7.3 or later
Long-term hardening
0/2
HARDENINGIsolate CHARX SEC-3xxx charging controllers on a closed, protected industrial network segment separate from general corporate IT networks
HARDENINGMonitor CHARX SEC-3xxx devices for unexpected network connections or firmware modifications using network monitoring or device logging
View full CERT@VDE advisory
API: /api/v1/advisories/8053d184-8d2c-4fb4-b91e-7ee221ea48c5

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.