CVE-2026-41032
Awaiting Analysis Awaiting Analysis - Queue
Unauthenticated Adjacent Access to Controller Log Files

Publication date: 2026-06-03

Last updated on: 2026-06-03

Assigner: CERT VDE

Description
It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-03
Last Modified
2026-06-03
Generated
2026-06-24
AI Q&A
2026-06-03
EPSS Evaluated
2026-06-22
NVD
CVE-2026-41032
EUVD
EUVD-2026-34070
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
phoenix_contact charx_sec-3000 *
phoenix_contact charx_sec-3050 *
phoenix_contact charx_sec-3100 *
phoenix_contact charx_sec-3150 to 1.9.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

To mitigate the vulnerability CVE-2026-41032, it is recommended to upgrade the firmware of affected Phoenix Contact CHARX SEC-3xxx charging controllers to version 1.9.0 or later, which resolves the issue.

Additionally, these devices should be used exclusively in closed industrial networks protected by a firewall to reduce the risk of exploitation by unauthenticated adjacent attackers.

Executive Summary

CVE-2026-41032 is a vulnerability in the firmware of Phoenix Contact's CHARX SEC-3xxx charging controllers that allows an unauthenticated adjacent attacker to download log files from the controller.

These log files may contain restricted information, potentially exposing sensitive data to unauthorized parties.

The vulnerability affects multiple models including CHARX SEC-3000, SEC-3050, SEC-3100, and SEC-3150 running firmware versions prior to 1.9.0.

It has a high severity rating with a CVSS v3.1 base score of 7.5, primarily impacting confidentiality.

Impact Analysis

This vulnerability can impact you by allowing an unauthenticated attacker who is adjacent on the network to access and download log files from the affected charging controllers.

Since these log files may contain restricted or sensitive information, their exposure could lead to unauthorized disclosure of confidential data.

The vulnerability does not affect the integrity or availability of the device, but the confidentiality impact is considered high.

To reduce risk, it is recommended to use these devices only in closed industrial networks protected by a firewall and to upgrade the firmware to version 1.9.0 or later, which fixes the issue.

Compliance Impact

The vulnerability allows an unauthenticated attacker to download log files containing potentially restricted information, which could lead to unauthorized disclosure of sensitive data.

Such unauthorized exposure of sensitive information may impact compliance with data protection standards and regulations like GDPR and HIPAA, which require safeguarding confidential data against unauthorized access.

Mitigation measures include upgrading the firmware to version 1.9.0 or later and using the devices only within closed industrial networks protected by firewalls to reduce the risk of data exposure.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-41032. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart