A remote unauthenticated attacker can use the firmware update feature on the LAN interface of the device to reset the password for the predefined, low-privileged user “user-app” to the default password.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://cert.vde.com/en/advisories/VDE-2024-022 |
History
Tue, 13 Aug 2024 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Phoenixcontact
Phoenixcontact charx Sec 3000 Phoenixcontact charx Sec 3050 Phoenixcontact charx Sec 3100 Phoenixcontact charx Sec 3150 |
|
CPEs | cpe:2.3:a:phoenixcontact:charx_sec_3000:*:*:*:*:*:*:*:* cpe:2.3:a:phoenixcontact:charx_sec_3050:*:*:*:*:*:*:*:* cpe:2.3:a:phoenixcontact:charx_sec_3100:*:*:*:*:*:*:*:* cpe:2.3:a:phoenixcontact:charx_sec_3150:*:*:*:*:*:*:*:* |
|
Vendors & Products |
Phoenixcontact
Phoenixcontact charx Sec 3000 Phoenixcontact charx Sec 3050 Phoenixcontact charx Sec 3100 Phoenixcontact charx Sec 3150 |
|
Metrics |
ssvc
|
Tue, 13 Aug 2024 13:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A remote unauthenticated attacker can use the firmware update feature on the LAN interface of the device to reset the password for the predefined, low-privileged user “user-app” to the default password. | |
Title | Phoenix Contact: update feature from CHARX controller can be used to reset a low privilege user password | |
Weaknesses | CWE-1188 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: CERTVDE
Published: 2024-08-13T13:15:03.120Z
Updated: 2024-08-13T16:50:38.588Z
Reserved: 2024-07-16T12:18:00.312Z
Link: CVE-2024-6788
Vulnrichment
Updated: 2024-08-13T16:47:20.822Z
NVD
Status : Awaiting Analysis
Published: 2024-08-13T14:15:16.457
Modified: 2024-08-13T17:11:53.553
Link: CVE-2024-6788
Redhat
No data.