Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers
Plan Patch8.2VDE-2025-014Jul 8, 2025
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary
Multiple vulnerabilities in CHARX SEC-3xxx charging controller firmware (CVE-2025-24002 through CVE-2025-24006) allow improper input validation and buffer overflow attacks due to insufficient access controls and input validation (CWE-20, CWE-120, CWE-269). Vulnerabilities CVE-2025-24005 and CVE-2025-24006 can be patched; however, CVE-2025-24002, CVE-2025-24003, and CVE-2025-24004 affecting Eichrecht metering functionality have no vendor fix planned. The product is designed for closed industrial networks but is vulnerable when exposed to untrusted network segments.
What this means
What could happen
An attacker with network access to the charging controller could manipulate billing data or cause denial of service by disrupting the charging operation, affecting revenue collection and customer service. Additionally, unfixed vulnerabilities in the Eichrecht metering functionality could allow tampering with meter readings used for regulatory compliance.
Who's at risk
Operators of electric vehicle charging infrastructure using Phoenix Contact CHARX SEC-3xxx charging controllers, particularly municipal utilities and commercial charging networks that rely on these controllers for billing and metering. This affects both the operational charging service and the integrity of Eichrecht-regulated metering data.
How it could be exploited
An attacker on the network segment containing the CHARX SEC-3xxx controller could send malformed input to trigger buffer overflow or improper input validation flaws, allowing code execution or service disruption. Alternatively, the attacker could exploit insufficient access controls to directly modify billing or metering data if the device is reachable from untrusted network segments.
Prerequisites
- Network access to the CHARX SEC-3xxx controller from an untrusted network segment
- Device not protected by firewall or network segmentation
- Firmware version 1.6.5 or earlier, or firmware versions below 1.7.3
Remotely exploitableNo authentication requiredLow complexityNo patch available for 3 of 5 identified vulnerabilitiesHigh CVSS score (8.2)Affects billing and metering systems
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (6)
6 with fix
ProductAffected VersionsFix Status
CHARX SEC-3050≤ FW 1.6.51.7.3
CHARX SEC-3050<FW 1.7.31.7.3
CHARX SEC-3000≤ FW 1.6.51.7.3
CHARX SEC-3000<FW 1.7.31.7.3
CHARX SEC-3150≤ FW 1.6.51.7.3
CHARX SEC-3150<FW 1.7.31.7.3
Remediation & Mitigation
0/4
Do now
0/2HARDENINGIsolate CHARX SEC-3xxx controllers on a closed industrial network or protected by a firewall that restricts access from untrusted network segments
WORKAROUNDFor vulnerabilities CVE-2025-24002, CVE-2025-24003, and CVE-2025-24004 affecting Eichrecht functionality with no vendor fix planned: implement compensating controls such as dedicated metering verification audits and network segmentation to prevent unauthorized access to metering data
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
HOTFIXUpgrade CHARX SEC-3xxx charging controllers to firmware version 1.7.3 or later
Long-term hardening
0/1HARDENINGReview and restrict network access to the charging controller to only authorized management workstations and billing systems
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/8053d184-8d2c-4fb4-b91e-7ee221ea48c5