SB2024082104 - Multiple vulnerabilities in Phoenix Contact CHARX controllers
Published: August 21, 2024
Description
This security bulletin contains information about 2 security vulnerabilities.
1) Files or Directories Accessible to External Parties (CVE-ID: CVE-2024-3913)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists because a file within the firewall is writable for a short time after system startup. A remote attacker can change the device configuration.
2) Insecure Default Initialization of Resource (CVE-ID: CVE-2024-6788)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to insecure default initialization of a resource. A remote attacker can use the firmware update feature on the LAN interface of the device to reset the password.
Remediation
Install the update from the vendor's website.