Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2024-26003

CVE-2024-26003: Phoenixcontact Charx SEC-3000 DoS Flaw

CVE-2024-26003 is a denial-of-service vulnerability in Phoenixcontact Charx SEC-3000 Firmware caused by an out-of-bounds read. Unauthenticated attackers can disrupt charging functionality. This article covers technical details, affected versions, impact, and mitigation strategies.

Published:

CVE-2024-26003 Overview

CVE-2024-26003 is an out-of-bounds read vulnerability [CWE-125] in the control agent of Phoenix Contact CHARX SEC electric vehicle charging controllers. An unauthenticated remote attacker can trigger the flaw over the network to cause a denial of service (DoS) in the control agent, disrupting or preventing charging functionality. The vulnerability affects the CHARX SEC-3000, SEC-3050, SEC-3100, and SEC-3150 product lines used in commercial EV charging infrastructure. Successful exploitation requires no user interaction and no privileges, making the attack trivial to launch against exposed devices.

Critical Impact

Remote unauthenticated attackers can crash the control agent on CHARX SEC charging controllers, disrupting EV charging operations across affected sites.

Affected Products

  • Phoenix Contact CHARX SEC-3000 and SEC-3000 firmware
  • Phoenix Contact CHARX SEC-3050 and SEC-3050 firmware
  • Phoenix Contact CHARX SEC-3100 / SEC-3150 and associated firmware

Discovery Timeline

  • 2024-03-12 - CVE-2024-26003 published to NVD
  • 2026-06-17 - Last updated in NVD database

Technical Details for CVE-2024-26003

Vulnerability Analysis

The flaw resides in the control agent process responsible for managing charging sessions and communications on CHARX SEC devices. When the agent parses attacker-supplied input received over the network, it reads beyond the bounds of an allocated buffer. This out-of-bounds read leads to abnormal termination of the process, halting the charging control functions the device provides.

Because the vulnerable code path is reachable prior to authentication, any host with network reachability to the device can exercise it. The impact is limited to availability, with no confidentiality or integrity compromise reported. In operational technology environments, however, loss of the control agent directly translates into loss of charging service until the process or device recovers.

Root Cause

The root cause is improper validation of length or offset fields in data processed by the control agent. Without proper bounds checking, the agent dereferences memory outside the intended buffer, triggering a fault that terminates the process. The condition is classified under [CWE-125] Out-of-bounds Read.

Attack Vector

Exploitation is performed remotely over the network. An attacker sends a crafted request to the network service exposed by the control agent. No credentials, user interaction, or prior foothold are required. Repeated exploitation can produce a persistent denial-of-service condition against the charging controller. Refer to the VDE Security Advisory VDE-2024-011 for vendor-provided technical detail.

Detection Methods for CVE-2024-26003

Indicators of Compromise

  • Unexpected termination or restart of the CHARX SEC control agent process without a corresponding administrative action.
  • Charging sessions failing to initiate or dropping simultaneously across one or more CHARX SEC controllers.
  • Malformed or oversized protocol messages directed at CHARX SEC management ports from untrusted networks.

Detection Strategies

  • Monitor CHARX SEC device logs for control agent crashes, watchdog restarts, or repeated service failures.
  • Deploy network intrusion detection signatures that flag protocol anomalies against CHARX SEC service endpoints.
  • Correlate charging service outages with inbound traffic spikes from unauthorized source addresses.

Monitoring Recommendations

  • Centralize CHARX SEC device syslog and SNMP telemetry into a SIEM for cross-site correlation.
  • Alert on any external network flows reaching CHARX SEC controllers that should be reachable only from operational networks.
  • Track availability metrics for the control agent as a distinct service KPI, not only overall device uptime.

How to Mitigate CVE-2024-26003

Immediate Actions Required

  • Apply the firmware update referenced in VDE Security Advisory VDE-2024-011 as soon as it is available for your model.
  • Restrict network access to CHARX SEC controllers so that only authorized management hosts can reach the control agent.
  • Inventory all CHARX SEC-3000, SEC-3050, SEC-3100, and SEC-3150 assets and record firmware versions for tracking.

Patch Information

Phoenix Contact and CERT@VDE published fixed firmware for the CHARX SEC product family in coordination with VDE-2024-011. Administrators should consult the advisory for the specific fixed versions applicable to each model and follow the vendor's upgrade procedure.

Workarounds

  • Place CHARX SEC controllers behind a firewall that permits inbound connections only from trusted operations and maintenance networks.
  • Segment charging infrastructure from corporate IT and internet-facing networks using VLANs or dedicated OT zones.
  • Where remote management is required, tunnel access through an authenticated VPN rather than exposing the control agent directly.
bash
# Example firewall restriction (adapt to your environment)
# Allow control-agent access only from a defined management subnet
iptables -A INPUT -p tcp -s 10.10.20.0/24 --dport <control-agent-port> -j ACCEPT
iptables -A INPUT -p tcp --dport <control-agent-port> -j DROP

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.