CVE-2025-24004

MEDIUM · CVSS 3.1: 5.2 · EPSS 5.8%
Published Jul 8, 2025 (11mo ago) · Modified Jun 17, 2026 (2w ago)

Description

A physical attacker with access to the device display via USB-C can send a message to the device that triggers an insecure copy to a buffer, resulting in loss of integrity and a temporary denial of service for the stations until they are restarted by the watchdog.

CVSS Details

Base Score: 5.2
Exploitability: 0.9
Impact: 4.2
Vector string: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
Attack Vector: Physical
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: Low

Threat Intelligence

EPSS Exploit Probability
5.8% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-120

Affected Products 8

Vendor          Product                  Version  Range
phoenixcontact  charx_sec-3000_firmware  *        ≤1.6.5
phoenixcontact  charx_sec-3000           *        any
phoenixcontact  charx_sec-3050_firmware  *        ≤1.6.5
phoenixcontact  charx_sec-3050           *        any
phoenixcontact  charx_sec-3100_firmware  *        ≤1.6.5
phoenixcontact  charx_sec-3100           *        any
phoenixcontact  charx_sec-3150_firmware  *        ≤1.6.5
phoenixcontact  charx_sec-3150           *        any

References 1

  • certvde.com https://certvde.com/de/advisories/VDE-2025-014
    Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.