CVE-2024-28136

EUVD-2024-25283
A local attacker with low privileges can use a command injection vulnerability to gain root
privileges due to improper input validation using the OCPP Remote service.
Command Injection
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 7.8 HIGH | LOCAL | LOW | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
EPSS Score
Percentile: 50%
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| phoenixcontact | charx_sec-3000_firmware | 𝑥 ≤ 1.5.1 |
| phoenixcontact | charx_sec-3050_firmware | 𝑥 ≤ 1.5.1 |
| phoenixcontact | charx_sec-3100_firmware | 𝑥 ≤ 1.5.1 |
| phoenixcontact | charx_sec-3150_firmware | 𝑥 ≤ 1.5.1 |

𝑥 = Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| phoenixcontact | charx_sec_3000 | 𝑥 ≤ 1.5.1 | ADP |
| phoenixcontact | charx_sec_3050 | 𝑥 ≤ 1.5.1 | ADP |
| phoenixcontact | charx_sec_3100 | 𝑥 ≤ 1.5.1 | ADP |
| phoenixcontact | charx_sec_3150 | 𝑥 ≤ 1.5.1 | ADP |