Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-26000

An unauthenticated remote attacker can read memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful because of memory randomization.

Published

2024-03-12T09:15:08.493

Last Modified

2025-01-24T07:15:09.440

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.9 (MEDIUM)

Weaknesses

Type: Secondary
CWE-125
Type: Secondary
CWE-125

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	phoenixcontact	charx_sec-3000_firmware	< 1.5.1	Yes
Hardware	phoenixcontact	charx_sec-3000	-	No
Operating System	phoenixcontact	charx_sec-3050_firmware	< 1.5.1	Yes
Hardware	phoenixcontact	charx_sec-3050	-	No
Operating System	phoenixcontact	charx_sec-3100_firmware	< 1.5.1	Yes
Hardware	phoenixcontact	charx_sec-3100	-	No
Operating System	phoenixcontact	charx_sec-3150_firmware	< 1.5.1	Yes
Hardware	phoenixcontact	charx_sec-3150	-	No

References

https://cert.vde.com/en/advisories/VDE-2024-011 Third Party Advisory ([email protected])
https://cert.vde.com/en/advisories/VDE-2024-011 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)