Charx sec-3000 firmware

This hub aggregates every CVE we track for Charx sec-3000 firmware, a product in the ics ot iot space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Charx sec-3000 firmware.

• CVE-2025-25271OCPP Backend Configuration via Insecure Defaults8.8Jul 8, 2025
• CVE-2025-25270Remote Code Execution via Unauthenticated Configuration Manipulation9.8Jul 8, 2025
• CVE-2025-25269Local Privilege Escalation via Unauthenticated Command Injection8.4Jul 8, 2025
• CVE-2025-25268Unauthenticated Configuration Access via Exposed API Endpoint8.8Jul 8, 2025
• CVE-2025-24006Privilege Escalation via Insecure SSH Permissions7.8Jul 8, 2025
• CVE-2025-24005Local Privilege Escalation via Vulnerable SSH Script7.8Jul 8, 2025
• CVE-2025-24004USB-C Buffer Overflow via Display Interface in EV Charging Stations5.2Jul 8, 2025
• CVE-2025-24003MQTT OOB Write Vulnerability in EichrechtAgents of German EV Charging Stations8.2Jul 8, 2025
• CVE-2025-24002MQTT DoS Vulnerability in German EV Charging Stations5.3Jul 8, 2025
• CVE-2024-6788Phoenix Contact: update feature from CHARX controller can be used to reset a low privilege user password8.6Aug 13, 2024
• CVE-2024-3913Phoenix Contact: Start sequence allows attack during the boot process5.9Aug 13, 2024
• CVE-2024-28137PHOENIX CONTACT: privilege escalation due to a TOCTOU vulnerability in the CHARX Series 7.8May 14, 2024
• CVE-2024-28136PHOENIX CONTACT: command injection gains root privileges using the OCPP remote service7.8May 14, 2024
• CVE-2024-28135PHOENIX CONTACT: command injection vulnerability in the API of the CHARX Series5.0May 14, 2024
• CVE-2024-28134PHOENIX CONTACT: MitM attack gains privileges of the current logged in user in CHARX Series 7.0May 14, 2024