VDE-2026-060
Vulnerability from csaf_phoenixcontactgmbhcokg - Published: 2026-06-03 10:00 - Updated: 2026-06-03 10:01Summary
Phoenix Contact: Unauthenticated log download vulnerability in the firmware of CHARX SEC-3xxx charging controllers
Severity
High
Notes
Summary: VDE-2026-060: A unauthenticated log download vulnerability in the firmware of CHARX SEC-3xxx charging controllers has been discovered.
Impact: The vulnerability can lead to restricted information being disclosed to an unauthenticated attacker.
Mitigation: Affected charging controllers are designed and developed for the use in closed industrial networks. Phoenix Contact therefore strongly recommends using the devices exclusively in closed networks and protected by a suitable firewall.
Remediation: Phoenix Contact recommends to upgrade to firmware version 1.9.0 which fixes this vulnerability.
General Recommendation: For general information and recommendations on security measures to protect network-enabled devices, refer to the application note: [Application Note Security](https://dam-mdc.phoenixcontact.com/asset/156443151564/0a870ae433c19148b80bd760f3a1c1f2/107913_en_03.pdf).
Product Description: CHARX EVSE charging controller
It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information.
7.5 (High)
Vendor Fix
Phoenix Contact strongly recommends to upgrade to firmware version 1.9.0 which fixes these vulnerabilities.
Mitigation
Affected charging controllers are designed and developed for the use in closed industrial networks. Phoenix Contact therefore strongly recommends using the devices exclusively in closed networks and protected by a suitable firewall.
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — |
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — |
References
6 references
Acknowledgments
CERTVDE
certvde.com/en/
ZDI
Piotr Ptaszek
Mateusz Wójcik
{
"document": {
"acknowledgments": [
{
"organization": "CERTVDE",
"summary": "coordination.",
"urls": [
"https://certvde.com/en/"
]
},
{
"names": [
"Piotr Ptaszek",
"Mateusz W\u00f3jcik"
],
"organization": "ZDI",
"summary": "reporting."
}
],
"aggregate_severity": {
"namespace": "https://www.first.org/cvss/v3.1/specification-document#Qualitative-Severity-Rating-Scale",
"text": "High"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "VDE-2026-060: A unauthenticated log download vulnerability in the firmware of CHARX SEC-3xxx charging controllers has been discovered.",
"title": "Summary"
},
{
"category": "description",
"text": "The vulnerability can lead to restricted information being disclosed to an unauthenticated attacker.",
"title": "Impact"
},
{
"category": "description",
"text": "Affected charging controllers are designed and developed for the use in closed industrial networks. Phoenix Contact therefore strongly recommends using the devices exclusively in closed networks and protected by a suitable firewall.",
"title": "Mitigation"
},
{
"category": "description",
"text": "Phoenix Contact recommends to upgrade to firmware version 1.9.0 which fixes this vulnerability. ",
"title": "Remediation"
},
{
"category": "general",
"text": "For general information and recommendations on security measures to protect network-enabled devices, refer to the application note: [Application Note Security](https://dam-mdc.phoenixcontact.com/asset/156443151564/0a870ae433c19148b80bd760f3a1c1f2/107913_en_03.pdf).",
"title": "General Recommendation"
},
{
"category": "description",
"text": "CHARX EVSE charging controller",
"title": "Product Description"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@phoenixcontact.com",
"name": "Phoenix Contact GmbH \u0026 Co. KG",
"namespace": "https://phoenixcontact.com/psirt"
},
"references": [
{
"category": "external",
"summary": "PCSA-2026-00007",
"url": "https://phoenixcontact.com/psirt"
},
{
"category": "external",
"summary": "Phoenix Contact advisory overview at CERT@VDE",
"url": "https://certvde.com/de/advisories/vendor/phoenixcontact/"
},
{
"category": "self",
"summary": "VDE-2026-060: Phoenix Contact: Unauthenticated log download vulnerability in the firmware of CHARX SEC-3xxx charging controllers - HTML",
"url": "https://certvde.com/en/advisories/VDE-2026-060"
},
{
"category": "self",
"summary": "VDE-2026-060: Phoenix Contact: Unauthenticated log download vulnerability in the firmware of CHARX SEC-3xxx charging controllers - CSAF",
"url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-060.json"
},
{
"category": "external",
"summary": "Phoenix Contact application note",
"url": "https://dam-mdc.phoenixcontact.com/asset/156443151564/0a870ae433c19148b80bd760f3a1c1f2/107913_en_03.pdf"
}
],
"title": "Phoenix Contact: Unauthenticated log download vulnerability in the firmware of CHARX SEC-3xxx charging controllers",
"tracking": {
"aliases": [
"VDE-2026-060",
"PCSA-2026-00007"
],
"current_release_date": "2026-06-03T10:01:00.000Z",
"generator": {
"date": "2026-06-03T08:37:16.531Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.44"
}
},
"id": "VDE-2026-060",
"initial_release_date": "2026-06-03T10:00:00.000Z",
"revision_history": [
{
"date": "2026-06-03T10:00:00.000Z",
"number": "1.0.0",
"summary": "Initial revision"
},
{
"date": "2026-06-03T10:01:00.000Z",
"number": "1.0.1",
"summary": "added \"Firmware\" to the textual description of the relationships."
}
],
"status": "final",
"version": "1.0.1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "CHARX SEC-3150",
"product": {
"name": "CHARX SEC-3150",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"cpe": "cpe:2.3:h:phoenix_contact:charx_sec_3150:*:*:*:*:*:*:*:*",
"model_numbers": [
"1138965"
]
}
}
},
{
"category": "product_name",
"name": "CHARX SEC-3100",
"product": {
"name": "CHARX SEC-3150",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"cpe": "cpe:2.3:h:phoenix_contact:charx_sec_3100:*:*:*:*:*:*:*:*",
"model_numbers": [
"1139012"
]
}
}
},
{
"category": "product_name",
"name": "CHARX SEC-3050",
"product": {
"name": "CHARX SEC-3050",
"product_id": "CSAFPID-11003",
"product_identification_helper": {
"cpe": "cpe:2.3:h:phoenix_contact:charx_sec_3050:*:*:*:*:*:*:*:*",
"model_numbers": [
"1139018"
]
}
}
},
{
"category": "product_name",
"name": "CHARX SEC-3000",
"product": {
"name": "CHARX SEC-3000",
"product_id": "CSAFPID-11004",
"product_identification_helper": {
"cpe": "cpe:2.3:h:phoenix_contact:charx_sec_3000:*:*:*:*:*:*:*:*",
"model_numbers": [
"1139022"
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:generic/\u003e1.0.0|\u003c1.9.0",
"product": {
"name": "Firmware \u003c1.9.0",
"product_id": "CSAFPID-21001",
"product_identification_helper": {
"cpe": "cpe:2.3:o:phoenix_contact:charx_sec3xxx_firmware:*:*:*:*:*:*:*:*",
"model_numbers": [
"1138965",
"1139012",
"1139018",
"1139022"
]
}
}
},
{
"category": "product_version",
"name": "1.9.0",
"product": {
"name": "Firmware 1.9.0",
"product_id": "CSAFPID-22001",
"product_identification_helper": {
"cpe": "cpe:2.3:o:phoenix_contact:charx_sec3xxx_firmware:1.9.0:*:*:*:*:*:*:*",
"model_numbers": [
"1138965",
"1139012",
"1139018",
"1139022"
]
}
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "Phoenix Contact"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
],
"summary": "Affected products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004"
],
"summary": "Fixed products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.9.0 installed on CHARX SEC-3150",
"product_id": "CSAFPID-31001",
"product_identification_helper": {
"cpe": "cpe:2.3:o:phoenix_contact:charx_sec3150_firmware:*:*:*:*:*:*:*:*",
"model_numbers": [
"1138965"
]
}
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.9.0 installed on CHARX SEC-3100",
"product_id": "CSAFPID-31002",
"product_identification_helper": {
"cpe": "cpe:2.3:o:phoenix_contact:charx_sec3100_firmware:*:*:*:*:*:*:*:*",
"model_numbers": [
"1139012"
]
}
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.9.0 installed on CHARX SEC-3050",
"product_id": "CSAFPID-31003",
"product_identification_helper": {
"cpe": "cpe:2.3:o:phoenix_contact:charx_sec3050_firmware:*:*:*:*:*:*:*:*",
"model_numbers": [
"1139018"
]
}
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.9.0 installed on CHARX SEC-3000",
"product_id": "CSAFPID-31004",
"product_identification_helper": {
"cpe": "cpe:2.3:o:phoenix_contact:charx_sec3000_firmware:*:*:*:*:*:*:*:*",
"model_numbers": [
"1139022"
]
}
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.9.0 installed on CHARX SEC-3150",
"product_id": "CSAFPID-32001",
"product_identification_helper": {
"cpe": "cpe:2.3:o:phoenix_contact:charx_sec3150_firmware:1.9.0:*:*:*:*:*:*:*",
"model_numbers": [
"1138965"
]
}
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.9.0 installed on CHARX SEC-3100",
"product_id": "CSAFPID-32002",
"product_identification_helper": {
"cpe": "cpe:2.3:o:phoenix_contact:charx_sec3100_firmware:1.9.0:*:*:*:*:*:*:*",
"model_numbers": [
"1139012"
]
}
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.9.0 installed on CHARX SEC-3050",
"product_id": "CSAFPID-32003",
"product_identification_helper": {
"cpe": "cpe:2.3:o:phoenix_contact:charx_sec3050_firmware:1.9.0:*:*:*:*:*:*:*",
"model_numbers": [
"1139018"
]
}
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.9.0 installed on CHARX SEC-3000",
"product_id": "CSAFPID-32004",
"product_identification_helper": {
"cpe": "cpe:2.3:o:phoenix_contact:charx_sec3000_firmware:1.9.0:*:*:*:*:*:*:*",
"model_numbers": [
"1139022"
]
}
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11004"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-41032",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information.",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
},
"references": [
{
"category": "external",
"summary": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N - 8.7 - High",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Phoenix Contact strongly recommends to upgrade to firmware version 1.9.0 which fixes these vulnerabilities.",
"group_ids": [
"CSAFGID-0001"
],
"restart_required": {
"category": "system"
}
},
{
"category": "mitigation",
"details": "Affected charging controllers are designed and developed for the use in closed industrial networks. Phoenix Contact therefore strongly recommends using the devices exclusively in closed networks and protected by a suitable firewall.",
"group_ids": [
"CSAFGID-0001"
],
"restart_required": {
"category": "none"
}
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
}
],
"title": "Unauthenticated Log-Download"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…