Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-28134

An unauthenticated remote attacker can extract a session token with a MitM attack and gain web-based management access with the privileges of the currently logged in user due to cleartext transmission of sensitive information. No additional user interaction is required. The access is limited as only non-sensitive information can be obtained but the availability can be seriously affected.

Published

2024-05-14T16:16:37.623

Last Modified

2025-01-23T18:53:02.387

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.0 (HIGH)

Weaknesses

Type: Primary
CWE-319

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	phoenixcontact	charx_sec-3000_firmware	≤ 1.5.1	Yes
Hardware	phoenixcontact	charx_sec-3000	-	No
Operating System	phoenixcontact	charx_sec-3050_firmware	≤ 1.5.1	Yes
Hardware	phoenixcontact	charx_sec-3050	-	No
Operating System	phoenixcontact	charx_sec-3100_firmware	≤ 1.5.1	Yes
Hardware	phoenixcontact	charx_sec-3100	-	No
Operating System	phoenixcontact	charx_sec-3150_firmware	≤ 1.5.1	Yes
Hardware	phoenixcontact	charx_sec-3150	-	No

References

https://cert.vde.com/en/advisories/VDE-2024-019 Third Party Advisory ([email protected])
https://cert.vde.com/en/advisories/VDE-2024-019 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)