CNNVD-202510-2063 Information
CNNVD ID
CNNVD-202510-2063
Related CVE
- CNNVD Published: 2025-10-14
Description (Chinese)
Phoenix Contact CHARX SEC-3150是德国菲尼克斯电气(Phoenix Contact)公司的一款交流充电控制器。 Phoenix Contact CHARX SEC-3150存在代码注入漏洞,该漏洞源于低权限远程攻击者可通过基于Web的管理账户更改系统配置执行命令注入,导致代码生成控制不当,可能完全丧失机密性、可用性和完整性。
Description (English)
Phoenix Contact CHARX SEC-3150 is an exchange charger for Phoenix Contact, Germany. Phoenix Contact CHARX SEC-3150 has a code-infusion loophole, which stems from the fact that low-authority remote attackers can be injected through an executive order based on Web-based management account change system configuration, leading to an inappropriate code generation control that could completely lose confidentiality, usability and integrity.
Hazard Level
Medium
Vulnerability Type
代码注入
Affected Vendor
菲尼克斯电气
Published
2025-10-14
Last Modified
2026-02-24
References
https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-074.json
Share on: