CVE-2024-26000: PHOENIX CONTACT: Out of bounds read only memory access

5.9 CVSS

Description

An unauthenticated remote attacker can read memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful because of memory randomization.

Classification

CVE ID: CVE-2024-26000

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.9

Affected Products

Vendor: PHOENIX CONTACT

Product: CHARX SEC-3000

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.19% (probability of being exploited)

EPSS Percentile: 57.21% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-21 (date on which this score was calculated)

References

https://cert.vde.com/en/advisories/VDE-2024-011

Timeline