CVE-2024-6788

EUVD-2024-47818
A remote unauthenticated attacker can use the firmware update feature on the LAN interface of the device to reset the password for the predefined, low-privileged user “user-app” to the default password.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.6 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
CERTVDECNA
8.6 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
Affected Products (NVD)
VendorProductVersion
phoenixcontactcharx_sec-3000_firmware
𝑥
< 1.6.3
phoenixcontactcharx_sec-3050_firmware
𝑥
< 1.6.3
phoenixcontactcharx_sec-3100_firmware
𝑥
< 1.6.3
phoenixcontactcharx_sec-3150_firmware
𝑥
< 1.6.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cert.vde.com/en/advisories/VDE-2024-022