CNNVD-202507-866 Information
CNNVD ID
CNNVD-202507-866
Related CVE
- CNNVD Published: 2025-07-08
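Description (translated from Chinese)
PHOENIX CONTACT CHARX SEC-3000 and related devices are products of PHOENIX CONTACT, a German company. PHOENIX CONTACT CHARX SEC-3000 is an AC charging controller. PHOENIX CONTACT CHARX SEC-3050 is an AC charging controller. PHOENIX CONTACT CHARX SEC-3100 is an AC charging controller. PHOENIX CONTACT CHARX SEC-3xxx contains an access control error vulnerability. The vulnerability stems from the fact that an unauthenticated adjacent attacker can modify the configuration by sending specific requests to an API endpoint, resulting in read and write access due to missing authentication.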
Description (English)
PHOENIX CONTACT CHARX SEC-3000 and related devices are products of PHOENIX CONTACT, Germany. PHOENIX CONTACT CHARX SEC-3000 is an AC charging controller. PHOENIX CONTACT CHARX SEC-3050 is an AC charging controller. PHOENIX CONTACT CHARX SEC-3100 is an AC charging controller. PHOENIX CONTACT CHARX SEC-3xxx has an access control vulnerability: an unauthenticated adjacent attacker can modify the configuration by sending a specific request to the API endpoint, resulting in read and write access due to missing authentication.
Hazard Level
Medium
Vulnerability Type
Access control error
Affected Vendor
PHOENIX CONTACT
Published
2025-07-08
Last Modified
2026-02-24
References
https://certvde.com/de/advisories/VDE-2025-019
Patch
https://www.phoenixcontact.com/en-us/