CVE-2024-6788

A remote unauthenticated attacker can use the firmware update feature on the LAN interface of the device to reset the password for the predefined, low-privileged user “user-app” to the default password.

CVSS v3 8.6 HIGH

8.6^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 4.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://cert.vde.com/en/advisories/VDE-2024-022	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:phoenixcontact:charx_sec-3000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:charx_sec-3000:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:phoenixcontact:charx_sec-3050_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:charx_sec-3050:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:phoenixcontact:charx_sec-3100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:charx_sec-3100:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:phoenixcontact:charx_sec-3150_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:charx_sec-3150:-:*:*:*:*:*:*:*

History

22 Aug 2025, 11:15

Type	Values Removed	Values Added
CWE	~~CWE-1188~~	CWE-1392
Summary	(es) Un atacante remoto no autenticado puede utilizar la función de actualización de firmware en la interfaz LAN del dispositivo para restablecer la contraseña de la "aplicación de usuario" predefinida y con pocos privilegios a la contraseña predeterminada.	(es) Un atacante remoto no autenticado puede utilizar la función de actualización de firmware en la interfaz LAN del dispositivo para restablecer la contraseña de la "aplicación de usuario" predefinida y con pocos privilegios a la contraseña predeterminada.

23 Jan 2025, 18:57

Type	Values Removed	Values Added
Summary		(es) Un atacante remoto no autenticado puede utilizar la función de actualización de firmware en la interfaz LAN del dispositivo para restablecer la contraseña de la "aplicación de usuario" predefinida y con pocos privilegios a la contraseña predeterminada.
First Time		Phoenixcontact Phoenixcontact charx Sec-3100 Firmware Phoenixcontact charx Sec-3000 Firmware Phoenixcontact charx Sec-3100 Phoenixcontact charx Sec-3050 Firmware Phoenixcontact charx Sec-3050 Phoenixcontact charx Sec-3150 Phoenixcontact charx Sec-3150 Firmware Phoenixcontact charx Sec-3000
CPE		cpe:2.3:o:phoenixcontact:charx_sec-3050_firmware:::::::: cpe:2.3:o:phoenixcontact:charx_sec-3000_firmware:::::::: cpe:2.3:o:phoenixcontact:charx_sec-3100_firmware:::::::: cpe:2.3:h:phoenixcontact:charx_sec-3000:-:::::::* cpe:2.3:h:phoenixcontact:charx_sec-3100:-:::::::* cpe:2.3:h:phoenixcontact:charx_sec-3050:-:::::::* cpe:2.3:o:phoenixcontact:charx_sec-3150_firmware:::::::: cpe:2.3:h:phoenixcontact:charx_sec-3150:-:::::::*
References	~~() https://cert.vde.com/en/advisories/VDE-2024-022 -~~	() https://cert.vde.com/en/advisories/VDE-2024-022 - Third Party Advisory

13 Aug 2024, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-13 14:15

Updated : 2025-08-22 11:15

NVD link : CVE-2024-6788

Mitre link : CVE-2024-6788

CVE.ORG link : CVE-2024-6788

JSON object : View

Products Affected

phoenixcontact

charx_sec-3100
charx_sec-3000_firmware
charx_sec-3150
charx_sec-3050_firmware
charx_sec-3050
charx_sec-3000
charx_sec-3150_firmware
charx_sec-3100_firmware

CWE

CWE-1392

8.6 /10