Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers
Action: Plan patch · CVSS: 8.8 · Vendor advisory: VDE-2025-074 · Published: Oct 14, 2025
Vendor: Phoenix Contact
Attack path
Attack vector: Network
Auth required: Low
Complexity: Low
User interaction: None needed
Summary
A code execution vulnerability (CWE-94) exists in Phoenix Contact CHARX SEC-3xxx charging controller firmware versions prior to 1.7.4. An authenticated attacker with network access can execute arbitrary code on the device, potentially disrupting charging operations. Phoenix Contact recommends operating these devices in closed industrial networks or behind a suitable firewall. The vulnerability requires valid login credentials.
What this means
What could happen
An attacker with local network access and valid credentials can execute arbitrary code on the charging controller, potentially altering charge rates, disabling charging ports, or disrupting electric vehicle charging operations across your fleet.
Who's at risk
Electric utility operators and facility managers responsible for electric vehicle charging infrastructure. This affects any organization running Phoenix Contact CHARX SEC-3000, SEC-3050, SEC-3100, or SEC-3150 charging controllers in on-premises or cloud-hosted EV charging networks.
How it could be exploited
An attacker on the same network segment (or with a network path to the controller) can authenticate with valid credentials and exploit a code execution flaw in the firmware to run arbitrary commands on the controller, bypassing normal operational constraints.
Prerequisites
- Network access to the CHARX SEC-3xxx device on port 22 or the web management interface
- Valid login credentials for the charging controller management interface
Tags: remotely exploitable · requires valid credentials · code execution capability · affects charging operations · low EPSS score (0.2%) suggests limited active exploitation
Exploitability
Unlikely to be exploited — EPSS score 0.3%
Affected products (4), 4 with fix
Product          Affected versions   Fix status
CHARX SEC-3150   < FW 1.7.4          FW 1.7.4
CHARX SEC-3100   < FW 1.7.4          FW 1.7.4
CHARX SEC-3050   < FW 1.7.4          FW 1.7.4
CHARX SEC-3000   < FW 1.7.4          FW 1.7.4
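To find the controllers in a fleet inventory that still need the 1.7.4 update, the added example below (not code from Phoenix Contact or from this advisory) parses each reported firmware string and compares it numerically against the fix version, so that a version such as 1.10.0 is not mis-ordered by a plain string comparison; the hostnames and inventory rows are constructed sample data.

```python
import re
from typing import Optional

# Fixed firmware version and affected models as stated in the advisory.
FIXED_VERSION = (1, 7, 4)
AFFECTED_MODELS = {"CHARX SEC-3000", "CHARX SEC-3050",
                   "CHARX SEC-3100", "CHARX SEC-3150"}

# Accepts "FW 1.7.4", "1.10.0" or "v1.6.2-build17"; trailing build tags are ignored.
_VERSION_RE = re.compile(r"^(?:FW\s*)?v?(\d+)\.(\d+)\.(\d+)\b")

def parse_fw_version(text: str) -> Optional[tuple]:
    """Return the version as an int tuple, or None when it cannot be parsed."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    return tuple(int(p) for p in m.groups())

def classify(model: str, fw: str) -> str:
    """One of 'affected', 'fixed', 'not_listed' or 'unknown_version'."""
    if model not in AFFECTED_MODELS:
        return "not_listed"
    ver = parse_fw_version(fw)
    if ver is None:
        return "unknown_version"   # flag for manual review rather than assume fixed
    return "affected" if ver < FIXED_VERSION else "fixed"

def triage(inventory):
    """Group (hostname, model, firmware) rows by classification, preserving order."""
    out = {"affected": [], "fixed": [], "not_listed": [], "unknown_version": []}
    for host, model, fw in inventory:
        out[classify(model, fw)].append(host)
    return out

# Constructed sample inventory: hypothetical hostnames and versions, not real devices.
SAMPLE_INVENTORY = [
    ("charx-lot-a-01", "CHARX SEC-3100", "FW 1.6.9"),
    ("charx-lot-a-02", "CHARX SEC-3100", "FW 1.7.4"),
    ("charx-lot-b-01", "CHARX SEC-3000", "1.10.0"),   # string compare would wrongly flag this
    ("charx-lot-b-02", "CHARX SEC-3150", "v1.7.3-build2"),
    ("charx-lot-c-01", "CHARX SEC-3050", "unknown"),
    ("plc-lot-c-01",   "OTHER-DEVICE",   "FW 1.0.0"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:16s} {', '.join(hosts) or '-'}")
```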
Remediation & Mitigation
Do now
- WORKAROUND: Restrict network access to charging controller management interfaces using firewall rules: allow only trusted workstations and block access from guest or untrusted networks
- HARDENING: Implement strong password policies for all charging controller accounts; rotate default or shared credentials immediately
Schedule — requires maintenance window
Patching may require a device reboot; plan for process interruption.
- HOTFIX (CHARX SEC-3000): Update all CHARX SEC-3000, SEC-3050, SEC-3100, and SEC-3150 controllers to firmware version 1.7.4 or later
Long-term hardening
- HARDENING: Place CHARX SEC-3xxx controllers on a dedicated, segmented network separate from corporate IT and guest networks; require VPN or jump host access for remote management
CVEs (1)