CVE-2025-24004
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-07-08
Last updated on: 2025-07-11
Assigner: CERT VDE
Description
Description
A physical attacker with access to the device display via USB-C can send a message to the device which triggers an unsecure copy to a buffer resulting in loss of integrity and a temporary denial-of-service for the stations until they got restarted by the watchdog.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| phoenixcontact | charx_sec-3000_firmware | to 1.6.5 (inc) |
| phoenixcontact | charx_sec-3000 | * |
| phoenixcontact | charx_sec-3050_firmware | to 1.6.5 (inc) |
| phoenixcontact | charx_sec-3050 | * |
| phoenixcontact | charx_sec-3100_firmware | to 1.6.5 (inc) |
| phoenixcontact | charx_sec-3100 | * |
| phoenixcontact | charx_sec-3150_firmware | to 1.6.5 (inc) |
| phoenixcontact | charx_sec-3150 | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows a physical attacker with access to the device's display via USB-C to send a message that triggers an insecure copy operation to a buffer. This results in loss of data integrity and causes a temporary denial-of-service for the stations until they are restarted by the watchdog.
How can this vulnerability impact me? :
The impact includes loss of integrity of data and a temporary denial-of-service condition for the affected stations, which remain unavailable until they are restarted by the watchdog mechanism.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70