CVE-2025-24002
BaseFortify
Publication date: 2025-07-08
Last updated on: 2025-07-11
Assigner: CERT VDE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| phoenixcontact | charx_sec-3000_firmware | to 1.6.5 (inc) |
| phoenixcontact | charx_sec-3000 | * |
| phoenixcontact | charx_sec-3050_firmware | to 1.6.5 (inc) |
| phoenixcontact | charx_sec-3050 | * |
| phoenixcontact | charx_sec-3100_firmware | to 1.6.5 (inc) |
| phoenixcontact | charx_sec-3100 | * |
| phoenixcontact | charx_sec-3150_firmware | to 1.6.5 (inc) |
| phoenixcontact | charx_sec-3150 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows an unauthenticated remote attacker to send MQTT messages to charging stations that comply with the German Calibration Law (Eichrecht), causing the service on these stations to crash. This results in a temporary denial-of-service condition until the stations are restarted by a watchdog process. [1]
How can this vulnerability impact me? :
The impact of this vulnerability is a temporary denial-of-service on affected charging stations, meaning the stations will stop functioning until they are restarted. This can disrupt charging services and potentially cause operational downtime for users relying on these stations. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, deploy the affected charging stations exclusively within closed industrial networks protected by suitable firewalls. Since no vendor fix is planned yet for CVE-2025-24002, avoid exposing these devices to untrusted networks. Monitor the devices and ensure they are restarted by the watchdog if they crash. Follow general security recommendations as provided in Phoenix Contactβs Application Note Security. [1]