Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-26001

An unauthenticated remote attacker can write memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful because of memory randomization.

Published

2024-03-12T09:15:08.730

Last Modified

2025-01-24T07:15:09.653

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.4 (HIGH)

Weaknesses

Type: Primary
CWE-787
Type: Secondary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	phoenixcontact	charx_sec-3000_firmware	< 1.5.1	Yes
Hardware	phoenixcontact	charx_sec-3000	-	No
Operating System	phoenixcontact	charx_sec-3050_firmware	< 1.5.1	Yes
Hardware	phoenixcontact	charx_sec-3050	-	No
Operating System	phoenixcontact	charx_sec-3100_firmware	< 1.5.1	Yes
Hardware	phoenixcontact	charx_sec-3100	-	No
Operating System	phoenixcontact	charx_sec-3150_firmware	< 1.5.1	Yes
Hardware	phoenixcontact	charx_sec-3150	-	No

References

https://cert.vde.com/en/advisories/VDE-2024-011 Third Party Advisory ([email protected])
https://cert.vde.com/en/advisories/VDE-2024-011 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)