CVE-2024-26004 Overview
CVE-2024-26004 affects Phoenix Contact CHARX SEC-3000, SEC-3050, SEC-3100, and SEC-3150 electric vehicle (EV) charging controllers. The flaw resides in the control agent component, where an uninitialized pointer is dereferenced during processing of network-supplied input. An unauthenticated remote attacker can trigger this condition over the network to crash the control agent, disrupting or preventing the charging functionality.
The vulnerability is tracked under CWE-824: Access of Uninitialized Pointer and is documented in VDE Security Advisory VDE-2024-011.
Critical Impact
Unauthenticated network attackers can remotely disable EV charging stations by crashing the control agent, causing operational outages across deployed CHARX SEC charging infrastructure.
Affected Products
- Phoenix Contact CHARX SEC-3000 and SEC-3000 firmware
- Phoenix Contact CHARX SEC-3050 and SEC-3050 firmware
- Phoenix Contact CHARX SEC-3100 / SEC-3150 and associated firmware
Discovery Timeline
- 2024-03-12 - CVE-2024-26004 published to NVD alongside VDE-2024-011 advisory
- 2025-01-23 - Last updated in NVD database
Technical Details for CVE-2024-26004
Vulnerability Analysis
The CHARX SEC series functions as the central control unit in AC and DC EV charging stations, brokering communication between the vehicle, the charging backend, and supporting protocols such as OCPP and ISO 15118. The control agent process exposes network-facing functionality that an attacker can reach without authentication.
When the control agent processes specific incoming requests, it accesses a pointer that has not been properly initialized before use. Dereferencing this uninitialized pointer causes the process to read from an unpredictable memory location, resulting in an immediate crash. Because the affected service is integral to the charging workflow, its termination halts session negotiation and prevents new charging sessions from starting.
Root Cause
The root cause is access of an uninitialized pointer [CWE-824] within the control agent. A code path fails to assign a valid value to a pointer variable before dereferencing it, leaving its contents as whatever residual data resides on the stack or heap at allocation time. This violates basic memory-safety invariants and is reachable through attacker-controlled input.
Attack Vector
Exploitation requires only network reachability to the control agent service. No credentials, user interaction, or prior foothold are required. An attacker on the same network segment as the charging controller, or on any network with routable access to the device, can send the malformed request and force the control agent to terminate.
The vulnerability mechanism is described in prose only because no public proof-of-concept code has been verified. Refer to VDE Security Advisory VDE-2024-011 for vendor-confirmed technical details.
Detection Methods for CVE-2024-26004
Indicators of Compromise
- Unexpected termination, restart loops, or watchdog-triggered reboots of the control agent process on CHARX SEC-3000/3050/3100/3150 devices.
- Charging sessions that fail to initialize or are dropped immediately after vehicle plug-in events.
- Anomalous inbound network traffic to the control agent's listening ports from untrusted hosts.
Detection Strategies
- Monitor device syslog and event logs for control agent crash entries, segmentation faults, or service restart events.
- Inspect operational telemetry from the charging backend for sudden drops in station availability or repeated OCPP disconnects.
- Deploy network intrusion detection signatures focused on malformed requests targeting CHARX management protocols.
Monitoring Recommendations
- Centralize charging station logs into a SIEM and alert on repeated control agent restarts across the fleet.
- Baseline normal session-initiation traffic and alert on unauthenticated probes against the controller's network services.
- Track firmware versions across deployed CHARX SEC units to identify hosts still running vulnerable releases.
How to Mitigate CVE-2024-26004
Immediate Actions Required
- Apply the firmware update referenced in VDE Security Advisory VDE-2024-011 to all CHARX SEC-3000, SEC-3050, SEC-3100, and SEC-3150 devices.
- Restrict network access to the control agent so that only trusted management hosts and charging backends can communicate with it.
- Segment charging controllers onto isolated VLANs separated from corporate and public networks.
Patch Information
Phoenix Contact has released fixed firmware versions for the affected CHARX SEC product line. Customers must consult VDE Security Advisory VDE-2024-011 for the exact patched firmware identifiers and upgrade procedure for each hardware variant.
Workarounds
- Place affected controllers behind a stateful firewall that blocks inbound traffic from untrusted networks until firmware is updated.
- Disable or filter exposure of management interfaces to the internet and public-facing interfaces of the charging station.
- Enable device watchdog and auto-recovery features to reduce downtime if the control agent is crashed repeatedly.
# Example firewall rule restricting access to CHARX SEC management interface
# Replace <mgmt_subnet> and <charx_ip> with environment-specific values
iptables -A INPUT -p tcp -s <mgmt_subnet> -d <charx_ip> -j ACCEPT
iptables -A INPUT -d <charx_ip> -j DROP
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

