CVE-2025-25268
BaseFortify
Publication date: 2025-07-08
Last updated on: 2025-07-11
Assigner: CERT VDE
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| phoenixcontact | charx_sec-3000_firmware | < 1.7.3 (1.7.3 not affected) |
| phoenixcontact | charx_sec-3000 | all (hardware platform) |
| phoenixcontact | charx_sec-3050_firmware | < 1.7.3 (1.7.3 not affected) |
| phoenixcontact | charx_sec-3050 | all (hardware platform) |
| phoenixcontact | charx_sec-3100_firmware | < 1.7.3 (1.7.3 not affected) |
| phoenixcontact | charx_sec-3100 | all (hardware platform) |
| phoenixcontact | charx_sec-3150_firmware | < 1.7.3 (1.7.3 not affected) |
| phoenixcontact | charx_sec-3150 | all (hardware platform) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows an unauthenticated attacker on an adjacent network to modify the configuration of affected devices by sending requests to an API endpoint that performs no authentication (CWE-306). In particular, insecure default settings in the configuration interface let the attacker register a new OCPP (Open Charge Point Protocol) backend, which gives full read and write access to the device configuration. [1]
How can this vulnerability impact me?
The vulnerability can lead to a complete compromise of the confidentiality, integrity, and availability of the affected devices. An attacker can fully control device configurations, potentially disrupting operations, stealing sensitive information, or causing denial of service. [1]
What immediate steps should I take to mitigate this vulnerability?
Mitigation involves deploying the affected devices exclusively within closed industrial networks protected by appropriate firewalls, so that the configuration interface is not reachable from untrusted network segments. Additionally, Phoenix Contact strongly recommends upgrading the firmware to version 1.7.3 or later, which addresses this and related vulnerabilities. [1]
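To make the CWE-306 pattern behind this advisory concrete, the following is an added example written for this page; it is not code from Phoenix Contact, the CHARX SEC firmware, or the advisory. It models a configuration endpoint that sets the OCPP backend URL, first with no authentication at all (the weakness class), then gated on a session token and an input check. The endpoint path `/api/config/ocpp/backend`, the bearer-token session scheme, the credential check and the config layout are all assumptions made for illustration; the real device API is not documented here.

```python
"""CWE-306 illustration: an HTTP configuration endpoint that lets any caller
point a charge controller at a new OCPP backend, beside a hardened version.

Added example; not Phoenix Contact / CHARX SEC code. Paths, token scheme
and credentials are assumptions for illustration only.
"""
import hmac
import secrets
from urllib.parse import urlparse

# Hypothetical endpoint path; the real path on the device is not known here.
OCPP_BACKEND_PATH = "/api/config/ocpp/backend"


class VulnerableConfigApi:
    """Handler with no authentication at all (the CWE-306 pattern)."""

    def __init__(self):
        self.config = {"ocpp_backend_url": "wss://legit.example/ocpp"}

    def handle(self, method, path, headers, body):
        # Any client able to reach the interface may rewrite the backend.
        if method == "PUT" and path == OCPP_BACKEND_PATH:
            self.config["ocpp_backend_url"] = body.get("url", "")
            return 200, {"status": "updated"}
        return 404, {"error": "not found"}


class HardenedConfigApi:
    """Same endpoint, gated on a valid session token plus an input check."""

    def __init__(self):
        self.config = {"ocpp_backend_url": "wss://legit.example/ocpp"}
        self._sessions = {}  # token -> username

    def login(self, username, password):
        # Placeholder credential check standing in for the device's credential
        # store; constant-time comparison avoids leaking the password length.
        if username == "admin" and hmac.compare_digest(password, "correct horse battery staple"):
            token = secrets.token_urlsafe(32)
            self._sessions[token] = username
            return token
        return None

    def _authenticated(self, headers):
        token = headers.get("Authorization", "")
        if not token.startswith("Bearer "):
            return None
        return self._sessions.get(token[len("Bearer "):])

    @staticmethod
    def _valid_backend_url(url):
        # Accept only TLS-protected WebSocket backends with a host component.
        parsed = urlparse(url)
        return parsed.scheme == "wss" and bool(parsed.netloc)

    def handle(self, method, path, headers, body):
        if method == "PUT" and path == OCPP_BACKEND_PATH:
            if self._authenticated(headers) is None:
                # Deny before touching any configuration state.
                return 401, {"error": "authentication required"}
            url = body.get("url", "")
            if not self._valid_backend_url(url):
                return 400, {"error": "backend URL must be wss:// with a host"}
            self.config["ocpp_backend_url"] = url
            return 200, {"status": "updated"}
        return 404, {"error": "not found"}


def demo():
    """Send the same unauthenticated request to both handlers (constructed input)."""
    attacker_body = {"url": "ws://attacker.example/ocpp"}

    vuln = VulnerableConfigApi()
    vuln_status, _ = vuln.handle("PUT", OCPP_BACKEND_PATH, {}, attacker_body)

    hard = HardenedConfigApi()
    hard_status, _ = hard.handle("PUT", OCPP_BACKEND_PATH, {}, attacker_body)

    return {
        "vulnerable_status": vuln_status,
        "vulnerable_backend": vuln.config["ocpp_backend_url"],
        "hardened_status": hard_status,
        "hardened_backend": hard.config["ocpp_backend_url"],
    }


if __name__ == "__main__":
    print(demo())
```

The point of the contrast is where the check sits: the hardened handler rejects the request before any configuration state is read or written, and it additionally refuses a plaintext `ws://` backend, since redirecting the controller to an attacker-controlled or unencrypted backend is exactly the outcome the advisory describes. Network segmentation, as recommended above, limits who can reach the endpoint at all; it does not replace authentication on the endpoint itself.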