CVE-2024-26288 HIGH

CVE-2024-26288: PHOENIX CONTACT: Lack of SSL support in CHARX Series

Vendor Phoenix Contact
Product CHARX SEC-3000
Weakness CWE-319 · Cleartext transmission
Published March 12, 2024
Last update August 2, 2024

CVSS base score

8.7/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

What the vulnerability does

01Description

An unauthenticated remote attacker can influence the communication due to the lack of encryption of sensitive data via a MITM. Charging is not affected.

Key dates

02Disclosure timeline

March 12, 2024 CVE published
August 2, 2024 Record updated