Description
It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information.
Published: 2026-06-03
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The firmware of Phoenix Contact CHARX SEC‑3xxx charging controllers allows an unauthenticated attacker on the same local network to download controller log files. This flaw reveals restricted information, such as configuration, usage patterns or potentially sensitive data, and is classified as an information exposure (CWE‑200). The vulnerability does not grant system control but can significantly compromise confidentiality by leaking operational details.

Affected Systems

Affected devices are the Phoenix Contact CHARX SEC‑3000, SEC‑3050, SEC‑3100 and SEC‑3150 series charging controllers. The issue exists in their firmware, and the advisory does not limit impact to a particular firmware revision, so all current releases are potentially vulnerable.

Risk and Exploitability

With a CVSS score of 7.5, the flaw is considered high severity. The EPSS score is not available, and the vulnerability is not yet listed in the CISA KEV catalog, so the current exploitation probability is unknown. The attacker must be physically or logically adjacent, typically on the same LAN segment, to trigger the exploit and download logs without authentication. Successful exploitation leads to information disclosure that could enable further attacks such as credential harvesting or targeted compromise.

Generated by OpenCVE AI on June 3, 2026 at 12:20 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Deploy the latest firmware update from Phoenix Contact as soon as it is released.
  • Place the charging controllers in a separate, isolated network segment and restrict log access to secure management hosts via strict firewall rules.
  • Enable any vendor‑provided authentication for log download, or enforce VPN access.
  • If updating or restricting network access is not feasible, monitor the device for unauthorized log retrieval and consider disabling the log download feature if supported.

Advisories

No advisories yet.

History

Wed, 03 Jun 2026 13:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Wed, 03 Jun 2026 12:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Phoenixcontact; Phoenixcontact charx Sec-3000; Phoenixcontact charx Sec-3050; Phoenixcontact charx Sec-3100; Phoenixcontact charx Sec-3150 |
| Vendors & Products | | Phoenixcontact; Phoenixcontact charx Sec-3000; Phoenixcontact charx Sec-3050; Phoenixcontact charx Sec-3100; Phoenixcontact charx Sec-3150 |

Wed, 03 Jun 2026 11:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information. |
| Title | | Phoenix Contact: Unauthenticated log download vulnerability in the firmware of CHARX SEC-3xxx charging controllers |
| First Time appeared | | Phoenix Contact; Phoenix Contact charx Sec-3000 Firmware; Phoenix Contact charx Sec-3050 Firmware; Phoenix Contact charx Sec-3100 Firmware; Phoenix Contact charx Sec-3150 Firmware |
| Weaknesses | | CWE-200 |
| CPEs | | `cpe:2.3:o:phoenix_contact:charx_sec-3000_firmware:*:*:*:*:*:*:*:*`; `cpe:2.3:o:phoenix_contact:charx_sec-3050_firmware:*:*:*:*:*:*:*:*`; `cpe:2.3:o:phoenix_contact:charx_sec-3100_firmware:*:*:*:*:*:*:*:*`; `cpe:2.3:o:phoenix_contact:charx_sec-3150_firmware:*:*:*:*:*:*:*:*` |
| Vendors & Products | | Phoenix Contact; Phoenix Contact charx Sec-3000 Firmware; Phoenix Contact charx Sec-3050 Firmware; Phoenix Contact charx Sec-3100 Firmware; Phoenix Contact charx Sec-3150 Firmware |
| References | | |
| Metrics | | cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'} |


MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published:

Updated: 2026-06-03T12:39:40.933Z

Reserved: 2026-04-16T06:00:17.600Z

Link: CVE-2026-41032

Vulnrichment

Updated: 2026-06-03T12:39:37.340Z

NVD

Status: Received

Published: 2026-06-03T11:16:19.540

Modified: 2026-06-03T11:16:19.540

Link: CVE-2026-41032

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-03T12:30:26Z

Weaknesses