A remote unauthenticated attacker can use the firmware update feature on the LAN interface of the device to reset the password for the predefined, low-privileged user “user-app” to the default password.
History

Tue, 13 Aug 2024 17:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Phoenixcontact, Phoenixcontact charx Sec 3000, Phoenixcontact charx Sec 3050, Phoenixcontact charx Sec 3100, Phoenixcontact charx Sec 3150 |
| CPEs | | `cpe:2.3:a:phoenixcontact:charx_sec_3000:*:*:*:*:*:*:*:*`, `cpe:2.3:a:phoenixcontact:charx_sec_3050:*:*:*:*:*:*:*:*`, `cpe:2.3:a:phoenixcontact:charx_sec_3100:*:*:*:*:*:*:*:*`, `cpe:2.3:a:phoenixcontact:charx_sec_3150:*:*:*:*:*:*:*:*` |
| Vendors & Products | | Phoenixcontact, Phoenixcontact charx Sec 3000, Phoenixcontact charx Sec 3050, Phoenixcontact charx Sec 3100, Phoenixcontact charx Sec 3150 |
| Metrics | | ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}` |


Tue, 13 Aug 2024 13:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A remote unauthenticated attacker can use the firmware update feature on the LAN interface of the device to reset the password for the predefined, low-privileged user “user-app” to the default password. |
| Title | | Phoenix Contact: update feature from CHARX controller can be used to reset a low privilege user password |
| Weaknesses | | CWE-1188 |
| References | | |
| Metrics | | cvssV3_1 `{'score': 8.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H'}` |


MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2024-08-13T13:15:03.120Z

Updated: 2024-08-13T16:50:38.588Z

Reserved: 2024-07-16T12:18:00.312Z

Link: CVE-2024-6788

Vulnrichment

Updated: 2024-08-13T16:47:20.822Z

NVD

Status: Awaiting Analysis

Published: 2024-08-13T14:15:16.457

Modified: 2024-08-13T17:11:53.553

Link: CVE-2024-6788

Redhat

No data.