Phoenix Contact: Unauthenticated log download vulnerability in the firmware of CHARX SEC-3xxx charging controllers

Action: Plan Patch
CVSS: 7.5
Advisory ID: VDE-2026-060
Date: Jun 3, 2026
Phoenix Contact
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

A vulnerability exists in CHARX SEC-3xxx firmware (versions 1.0.0 through 1.8.x) that allows unauthenticated download of system logs. An attacker with network access to the device can retrieve logs without providing credentials, exposing operational data, configuration details, and potentially sensitive information that could facilitate further attacks.

What this means
What could happen
An attacker with network access to the charging controller can download system logs without providing credentials, potentially exposing sensitive operational data such as authentication tokens, configuration details, or transaction records. This could lead to further attacks against the system or reveal information useful for bypassing other security controls.
Who's at risk
Site managers and operators of electric vehicle charging infrastructure, particularly those operating CHARX SEC-series charging stations. This affects charging facilities that may be networked for remote monitoring or management and exposes operational logs containing sensitive data.
How it could be exploited
An attacker sends an unauthenticated HTTP or API request to the charging controller's log download endpoint. The controller does not verify credentials or session tokens, allowing the attacker to retrieve and download the complete system logs containing sensitive operational information.
Prerequisites
  • Network access (Layer 3 or Layer 2) to the charging controller
  • Knowledge of the log download endpoint or ability to discover it through standard reconnaissance
Tags: remotely exploitable, no authentication required, low complexity, information disclosure
Exploitability
Unlikely to be exploited — EPSS score 0.3%
Affected products (3)
3 with fix
Product          Affected Versions    Fixed in version
CHARX SEC-3150   > 1.0.0, < 1.9.0     1.9.0
CHARX SEC-3050   > 1.0.0, < 1.9.0     1.9.0
CHARX SEC-3000   > 1.0.0, < 1.9.0     1.9.0
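To triage a device inventory against the version table above, here is an added Python example (not Phoenix Contact's tooling and not part of the advisory). It compares firmware versions numerically rather than as strings, so 1.10.x is correctly ranked above 1.9.0; it treats the 1.0.0 lower bound as inclusive, as the summary states (an assumption), and the inventory entries are constructed.

```python
import re
from dataclasses import dataclass

# From the advisory: CHARX SEC-3000/3050/3150 firmware below 1.9.0 is affected.
# The summary lists 1.0.0 through 1.8.x; the lower bound is taken as inclusive here (assumption).
AFFECTED_PRODUCTS = {"CHARX SEC-3000", "CHARX SEC-3050", "CHARX SEC-3150"}
MIN_AFFECTED = "1.0.0"
FIX_VERSION = "1.9.0"


def parse_version(v: str) -> tuple:
    """Turn '1.8.3' (or 'v1.8', '1.8.3-rc1') into a comparable tuple of ints; trailing text is ignored."""
    m = re.match(r"^\s*v?(\d+)(?:\.(\d+))?(?:\.(\d+))?", v)
    if not m:
        raise ValueError(f"unparseable firmware version: {v!r}")
    return tuple(int(x) if x is not None else 0 for x in m.groups())


def is_affected(product: str, firmware: str) -> bool:
    """True when the product is in the advisory table and its firmware sits in the affected range."""
    if product not in AFFECTED_PRODUCTS:
        return False
    # Tuple comparison avoids the string-ordering trap where "1.10.1" < "1.9.0".
    return parse_version(MIN_AFFECTED) <= parse_version(firmware) < parse_version(FIX_VERSION)


@dataclass
class Device:
    name: str
    product: str
    firmware: str


def triage(inventory):
    """Return the devices that need the 1.9.0 update, for scheduling in a maintenance window."""
    return [d for d in inventory if is_affected(d.product, d.firmware)]


# Constructed sample inventory (not real devices).
SAMPLE_INVENTORY = [
    Device("bay-01", "CHARX SEC-3150", "1.8.3"),
    Device("bay-02", "CHARX SEC-3050", "1.9.0"),
    Device("bay-03", "CHARX SEC-3000", "1.0.0"),
    Device("bay-04", "CHARX SEC-3000", "1.10.1"),
    Device("gw-01", "OTHER-GATEWAY", "1.2.0"),
]

if __name__ == "__main__":
    for d in triage(SAMPLE_INVENTORY):
        print(f"{d.name}: {d.product} {d.firmware} -> update to {FIX_VERSION} or later")
```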
Remediation & Mitigation
Do now
Workaround: Restrict network access to the charging controllers using a firewall; allow only trusted engineering workstations and network management systems to reach the devices
Hardening: Deploy the charging controllers exclusively in closed industrial networks physically or logically isolated from untrusted networks
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

CHARX SEC-3150
Hotfix: Update CHARX SEC-3150, SEC-3050, and SEC-3000 charging controllers to firmware version 1.9.0 or later
API: /api/v1/advisories/c389244c-5a9a-4226-a96a-ff37a274da70
