CNNVD-202507-868 Information
CNNVD ID
CNNVD-202507-868
Related CVE
- CNNVD Published: 2025-07-08
Description (Chinese)
PHOENIX CONTACT CHARX SEC-3050等都是德国菲尼克斯电气(PHOENIX CONTACT)公司的产品。PHOENIX CONTACT CHARX SEC-3050是一个 AC 充电控制器。PHOENIX CONTACT CHARX SEC-3100是一个 AC 充电控制器。PHOENIX CONTACT CHARX SEC-3150是一款AC充电控制器。 PHOENIX CONTACT多款产品存在操作系统命令注入漏洞,该漏洞源于未经认证的本地攻击者可注入随后以root执行的命令,导致权限提升。以下产品及版本受到影响:PHOENIX CONTACT CHARX SEC-3150、PHOENIX CONTACT CHARX SEC-3100和PHOENIX CONTACT CHARX SEC-3050。
Description (English)
PHOENIX CONTACT CHARX SEC-3050 and others are products of PHOENIX CONTACT, Germany. PHOENIX CONTACT CHARX SEC-3050 is an AC charge controller. PHOENIX CONTACT CHARX SEC-3100 is an AC charge controller. PHOENIX CONTACT CHARX SEC-3150 is an AC charge controller. PHOENIX CONTATT multi-products have a loophole in their operating system orders, which stems from the fact that unauthorized local assailants can be injected into subsequent orders executed in root, resulting in increased authority. The following products and versions were affected: PHOENIX CONTACH SEC-3150, PHOENIX CONTACT CHARX SEC-3100 and PHOENIX CONTACT CHARX SEC-3050.
Hazard Level
Medium
Vulnerability Type
操作系统命令注入
Affected Vendor
Phoenix Site
Published
2025-07-08
Last Modified
2026-02-24
References
https://certvde.com/de/advisories/VDE-2025-019
Patch
https://www.phoenixcontact.com/en-us/
Share on: