CVE-2024-26002

An improper input validation in the Qualcom plctool allows a local attacker with low privileges to gain root access by changing the ownership of specific files.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://cert.vde.com/en/advisories/VDE-2024-011	Third Party Advisory
https://cert.vde.com/en/advisories/VDE-2024-011	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:phoenixcontact:charx_sec-3000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:charx_sec-3000:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:phoenixcontact:charx_sec-3050_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:charx_sec-3050:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:phoenixcontact:charx_sec-3100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:charx_sec-3100:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:phoenixcontact:charx_sec-3150_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:charx_sec-3150:-:*:*:*:*:*:*:*

History

23 Jan 2025, 18:48

Type	Values Removed	Values Added
References	~~() https://cert.vde.com/en/advisories/VDE-2024-011 -~~	() https://cert.vde.com/en/advisories/VDE-2024-011 - Third Party Advisory
CPE		cpe:2.3:o:phoenixcontact:charx_sec-3050_firmware:::::::: cpe:2.3:o:phoenixcontact:charx_sec-3000_firmware:::::::: cpe:2.3:o:phoenixcontact:charx_sec-3100_firmware:::::::: cpe:2.3:h:phoenixcontact:charx_sec-3000:-:::::::* cpe:2.3:h:phoenixcontact:charx_sec-3100:-:::::::* cpe:2.3:h:phoenixcontact:charx_sec-3050:-:::::::* cpe:2.3:o:phoenixcontact:charx_sec-3150_firmware:::::::: cpe:2.3:h:phoenixcontact:charx_sec-3150:-:::::::*
First Time		Phoenixcontact Phoenixcontact charx Sec-3100 Firmware Phoenixcontact charx Sec-3000 Firmware Phoenixcontact charx Sec-3100 Phoenixcontact charx Sec-3050 Firmware Phoenixcontact charx Sec-3050 Phoenixcontact charx Sec-3150 Phoenixcontact charx Sec-3150 Firmware Phoenixcontact charx Sec-3000

21 Nov 2024, 09:01

Type	Values Removed	Values Added
Summary		(es) Una validación de entrada incorrecta en Qualcom plctool permite a un atacante local con privilegios bajos obtener acceso de root cambiando la propiedad de archivos específicos.
References	~~() https://cert.vde.com/en/advisories/VDE-2024-011 -~~	() https://cert.vde.com/en/advisories/VDE-2024-011 -

12 Mar 2024, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-03-12 09:15

Updated : 2025-01-23 18:48

NVD link : CVE-2024-26002

Mitre link : CVE-2024-26002

CVE.ORG link : CVE-2024-26002

JSON object : View

Products Affected

phoenixcontact

charx_sec-3000
charx_sec-3150_firmware
charx_sec-3050_firmware
charx_sec-3000_firmware
charx_sec-3150
charx_sec-3050
charx_sec-3100_firmware
charx_sec-3100

CWE

CWE-20

Improper Input Validation

7.8 /10