Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2024-26004

CVE-2024-26004: Phoenixcontact Charx SEC-3000 DoS Flaw

CVE-2024-26004 is a denial of service vulnerability in Phoenixcontact Charx SEC-3000 Firmware caused by uninitialized pointer access. Attackers can disrupt charging functionality remotely without authentication. This article covers technical details, affected versions, impact, and mitigation strategies.

Published:

CVE-2024-26004 Overview

CVE-2024-26004 affects Phoenix Contact CHARX SEC-3000, SEC-3050, SEC-3100, and SEC-3150 electric vehicle (EV) charging controllers. The flaw resides in the control agent component, where an uninitialized pointer is dereferenced during processing of network-supplied input. An unauthenticated remote attacker can trigger this condition over the network to crash the control agent, disrupting or preventing the charging functionality.

The vulnerability is tracked under CWE-824: Access of Uninitialized Pointer and is documented in VDE Security Advisory VDE-2024-011.

Critical Impact

Unauthenticated network attackers can remotely disable EV charging stations by crashing the control agent, causing operational outages across deployed CHARX SEC charging infrastructure.

Affected Products

  • Phoenix Contact CHARX SEC-3000 and SEC-3000 firmware
  • Phoenix Contact CHARX SEC-3050 and SEC-3050 firmware
  • Phoenix Contact CHARX SEC-3100 / SEC-3150 and associated firmware

Discovery Timeline

  • 2024-03-12 - CVE-2024-26004 published to NVD alongside VDE-2024-011 advisory
  • 2025-01-23 - Last updated in NVD database

Technical Details for CVE-2024-26004

Vulnerability Analysis

The CHARX SEC series functions as the central control unit in AC and DC EV charging stations, brokering communication between the vehicle, the charging backend, and supporting protocols such as OCPP and ISO 15118. The control agent process exposes network-facing functionality that an attacker can reach without authentication.

When the control agent processes specific incoming requests, it accesses a pointer that has not been properly initialized before use. Dereferencing this uninitialized pointer causes the process to read from an unpredictable memory location, resulting in an immediate crash. Because the affected service is integral to the charging workflow, its termination halts session negotiation and prevents new charging sessions from starting.

Root Cause

The root cause is access of an uninitialized pointer [CWE-824] within the control agent. A code path fails to assign a valid value to a pointer variable before dereferencing it, leaving its contents as whatever residual data resides on the stack or heap at allocation time. This violates basic memory-safety invariants and is reachable through attacker-controlled input.

Attack Vector

Exploitation requires only network reachability to the control agent service. No credentials, user interaction, or prior foothold are required. An attacker on the same network segment as the charging controller, or on any network with routable access to the device, can send the malformed request and force the control agent to terminate.

The vulnerability mechanism is described in prose only because no public proof-of-concept code has been verified. Refer to VDE Security Advisory VDE-2024-011 for vendor-confirmed technical details.

Detection Methods for CVE-2024-26004

Indicators of Compromise

  • Unexpected termination, restart loops, or watchdog-triggered reboots of the control agent process on CHARX SEC-3000/3050/3100/3150 devices.
  • Charging sessions that fail to initialize or are dropped immediately after vehicle plug-in events.
  • Anomalous inbound network traffic to the control agent's listening ports from untrusted hosts.

Detection Strategies

  • Monitor device syslog and event logs for control agent crash entries, segmentation faults, or service restart events.
  • Inspect operational telemetry from the charging backend for sudden drops in station availability or repeated OCPP disconnects.
  • Deploy network intrusion detection signatures focused on malformed requests targeting CHARX management protocols.

Monitoring Recommendations

  • Centralize charging station logs into a SIEM and alert on repeated control agent restarts across the fleet.
  • Baseline normal session-initiation traffic and alert on unauthenticated probes against the controller's network services.
  • Track firmware versions across deployed CHARX SEC units to identify hosts still running vulnerable releases.

How to Mitigate CVE-2024-26004

Immediate Actions Required

  • Apply the firmware update referenced in VDE Security Advisory VDE-2024-011 to all CHARX SEC-3000, SEC-3050, SEC-3100, and SEC-3150 devices.
  • Restrict network access to the control agent so that only trusted management hosts and charging backends can communicate with it.
  • Segment charging controllers onto isolated VLANs separated from corporate and public networks.

Patch Information

Phoenix Contact has released fixed firmware versions for the affected CHARX SEC product line. Customers must consult VDE Security Advisory VDE-2024-011 for the exact patched firmware identifiers and upgrade procedure for each hardware variant.

Workarounds

  • Place affected controllers behind a stateful firewall that blocks inbound traffic from untrusted networks until firmware is updated.
  • Disable or filter exposure of management interfaces to the internet and public-facing interfaces of the charging station.
  • Enable device watchdog and auto-recovery features to reduce downtime if the control agent is crashed repeatedly.
bash
# Example firewall rule restricting access to CHARX SEC management interface
# Replace <mgmt_subnet> and <charx_ip> with environment-specific values
iptables -A INPUT -p tcp -s <mgmt_subnet> -d <charx_ip> -j ACCEPT
iptables -A INPUT -d <charx_ip> -j DROP

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.