ZDI-24-858: (Pwn2Own) Phoenix Contact CHARX SEC-3100 OCPP Protocol Missing Encryption Authentication Bypass Vulnerability | allinfosecnews.com

June 21, 2024, 5 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.3. The following CVEs are assigned: CVE-2024-26288.

arbitrary code attackers authentication authentication bypass bypass bypass vulnerability code cve cve-2024 cves cvss devices encryption exploit missing network phoenix phoenix contact protocol pwn2own rating sec vulnerability zdi

More from www.zerodayinitiative.com / ZDI: Published Advisories

ZDI-24-883: Zen Cart findPluginAdminPage Local File Inclusion Remote Code Execution Vulnerability 3 days, 11 hours ago | www.zerodayinitiative.com

arbitrary code attackers authentication code +14

ZDI-24-882: VMware vCenter Server Appliance License Server Uncontrolled Memory Allocation Denial-of-Service Vulnerability 4 days, 11 hours ago | www.zerodayinitiative.com

attackers authentication cve cve-2024 +16

ZDI-24-840: (Pwn2Own) Wyze Cam v3 TCP Traffic Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability 1 week, 1 day ago | www.zerodayinitiative.com

arbitrary code attackers authentication buffer +25

ZDI-24-839: (Pwn2Own) Wyze Cam v3 Cloud Infrastructure Improper Authentication Remote Code Execution Vulnerability 1 week, 1 day ago | www.zerodayinitiative.com

arbitrary code attackers authentication cam +21

ZDI-24-838: (Pwn2Own) Wyze Cam v3 Wi-Fi SSID OS Command Injection Remote Code Execution Vulnerability 1 week, 1 day ago | www.zerodayinitiative.com

arbitrary code attackers authentication cam +23

ZDI-24-837: (Pwn2Own) Wyze Cam v3 Realtek Wi-Fi Driver Heap-Based Buffer Overflow Remote Code Execution Vulnerability 1 week, 1 day ago | www.zerodayinitiative.com

arbitrary code attackers authentication buffer +24

ZDI-24-836: (Pwn2Own) Synology BC500 update_ntp_config Command Injection Remote Code Execution Vulnerability 1 week, 1 day ago | www.zerodayinitiative.com

arbitrary code attackers authentication cameras +16

ZDI-24-835: (Pwn2Own) Synology BC500 Protection Mechanism Failure Software Downgrade Vulnerability 1 week, 1 day ago | www.zerodayinitiative.com

attackers authentication cameras cvss +11

ZDI-24-834: (Pwn2Own) Synology BC500 Improper Compartmentalization Local Privilege Escalation Vulnerability 1 week, 1 day ago | www.zerodayinitiative.com

attacker attackers cameras code +18

Watch Officer and Operations Officer

@ Interclypse | Arlington, VA, US

View on infosec-jobs.com

Sales Development Representative

@ Devo | United States

View on infosec-jobs.com

Principal Software Engineer

@ Oracle | Seattle, WA, United States

View on infosec-jobs.com

Engineering Manager, Cloud - TDIR (Remote)

@ CrowdStrike | USA CA Remote

View on infosec-jobs.com

Linux System Administrator II

@ Peraton | Fort Meade, MD, United States

View on infosec-jobs.com

Linux System Administrator

@ Peraton | Fort Meade, MD, United States

View on infosec-jobs.com