Advisory Details

May 29th, 2024

(Pwn2Own) Phoenix Contact CHARX SEC-3100 Missing Encryption Authentication Bypass Vulnerability

ZDI-24-520
ZDI-CAN-23418

CVE ID CVE-2024-28134
CVSS SCORE 7.5, AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AFFECTED VENDORS Phoenix Contact
AFFECTED PRODUCTS CHARX SEC-3100
VULNERABILITY DETAILS

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the configuration of nginx. The issue results from a lack of encryption. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the user-app account.

ADDITIONAL DETAILS Phoenix Contact has issued an update to correct this vulnerability. More details can be found at:
https://cert.vde.com/en/advisories/VDE-2024-019/
DISCLOSURE TIMELINE
  • 2024-02-21 - Vulnerability reported to vendor
  • 2024-05-29 - Coordinated public release of advisory
CREDIT Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)
BACK TO ADVISORIES