{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-24003", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "dateReserved": "2025-01-16T15:48:36.250Z", "datePublished": "2025-07-08T06:59:17.316Z", "dateUpdated": "2025-07-08T13:38:55.893Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "CHARX SEC-3150", "vendor": "Phoenix Contact", "versions": [{"lessThanOrEqual": "1.6.5", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "CHARX SEC-3100", "vendor": "Phoenix Contact", "versions": [{"lessThanOrEqual": "1.6.5", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "CHARX SEC-3050", "vendor": "Phoenix Contact", "versions": [{"lessThanOrEqual": "1.6.5", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "CHARX SEC-3000", "vendor": "Phoenix Contact", "versions": [{"lessThanOrEqual": "1.6.5", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Jesson Soto Ventura"}, {"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Matthew Waddell"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An unauthenticated remote attacker can use MQTT messages to trigger out-of-bounds writes in charging stations complying with German Calibration Law, resulting in a loss of integrity for only EichrechtAgents and potential denial-of-service for these stations."}], "value": "An unauthenticated remote attacker can use MQTT messages to trigger out-of-bounds writes in charging stations complying with German Calibration Law, resulting in a loss of integrity for only EichrechtAgents and potential denial-of-service for these stations."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2025-07-08T06:59:17.316Z"}, "references": [{"url": "https://certvde.com/en/advisories/VDE-2025-014"}], "source": {"advisory": "VDE-2025-014", "defect": ["CERT@VDE#641739"], "discovery": "UNKNOWN"}, "title": "MQTT OOB Write Vulnerability in EichrechtAgents of German EV Charging Stations", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-08T13:38:52.356516Z", "id": "CVE-2025-24003", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-08T13:38:55.893Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-24003", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-08T13:38:52.356516Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-08T13:38:35.406Z"}}], "cna": {"title": "MQTT OOB Write Vulnerability in EichrechtAgents of German EV Charging Stations", "source": {"defect": ["CERT@VDE#641739"], "advisory": "VDE-2025-014", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Jesson Soto Ventura"}, {"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Matthew Waddell"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Phoenix Contact", "product": "CHARX SEC-3150", "versions": [{"status": "affected", "version": "0.0.0", "versionType": "semver", "lessThanOrEqual": "1.6.5"}], "defaultStatus": "unaffected"}, {"vendor": "Phoenix Contact", "product": "CHARX SEC-3100", "versions": [{"status": "affected", "version": "0.0.0", "versionType": "semver", "lessThanOrEqual": "1.6.5"}], "defaultStatus": "unaffected"}, {"vendor": "Phoenix Contact", "product": "CHARX SEC-3050", "versions": [{"status": "affected", "version": "0.0.0", "versionType": "semver", "lessThanOrEqual": "1.6.5"}], "defaultStatus": "unaffected"}, {"vendor": "Phoenix Contact", "product": "CHARX SEC-3000", "versions": [{"status": "affected", "version": "0.0.0", "versionType": "semver", "lessThanOrEqual": "1.6.5"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://certvde.com/en/advisories/VDE-2025-014"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "An unauthenticated remote attacker can use MQTT messages to trigger out-of-bounds writes in charging stations complying with German Calibration Law, resulting in a loss of integrity for only EichrechtAgents and potential denial-of-service for these stations.", "supportingMedia": [{"type": "text/html", "value": "An unauthenticated remote attacker can use MQTT messages to trigger out-of-bounds writes in charging stations complying with German Calibration Law, resulting in a loss of integrity for only EichrechtAgents and potential denial-of-service for these stations.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2025-07-08T06:59:17.316Z"}}}, "cveMetadata": {"cveId": "CVE-2025-24003", "state": "PUBLISHED", "dateUpdated": "2025-07-08T13:38:55.893Z", "dateReserved": "2025-01-16T15:48:36.250Z", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "datePublished": "2025-07-08T06:59:17.316Z", "assignerShortName": "CERTVDE"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:charx_sec-3000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6338C05A-3F0E-408E-98B1-51B2EAE05F5B", "versionEndIncluding": "1.6.5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:charx_sec-3000:-:*:*:*:*:*:*:*", "matchCriteriaId": "D1095269-9D5A-4557-BA9D-33B49AAA339F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:charx_sec-3050_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AC6EA57F-57E6-437F-8035-3B714A4E824C", "versionEndIncluding": "1.6.5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:charx_sec-3050:-:*:*:*:*:*:*:*", "matchCriteriaId": "775BA5ED-968B-4759-BA39-50F9EAB29169", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:charx_sec-3100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "160F031E-81BB-466B-808D-6BF46D28BD17", "versionEndIncluding": "1.6.5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:charx_sec-3100:-:*:*:*:*:*:*:*", "matchCriteriaId": "F498BFB3-3C39-4F0B-9775-0B4F891D866C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:charx_sec-3150_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7B0E8722-3BCD-4360-BF23-7BC020A28D51", "versionEndIncluding": "1.6.5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:charx_sec-3150:-:*:*:*:*:*:*:*", "matchCriteriaId": "32916BED-0241-4787-960C-7A4E8E1DDED7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An unauthenticated remote attacker can use MQTT messages to trigger out-of-bounds writes in charging stations complying with German Calibration Law, resulting in a loss of integrity for only EichrechtAgents and potential denial-of-service for these stations."}, {"lang": "es", "value": "Un atacante remoto no autenticado puede usar mensajes MQTT para activar escrituras fuera de los l\u00edmites en estaciones de carga que cumplen con la Ley de calibraci\u00f3n alemana, lo que genera una p\u00e9rdida de integridad solo para EichrechtAgents y una posible denegaci\u00f3n de servicio para estas estaciones."}], "id": "CVE-2025-24003", "lastModified": "2025-07-11T14:36:12.323", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "info@cert.vde.com", "type": "Primary"}]}, "published": "2025-07-08T07:15:23.943", "references": [{"source": "info@cert.vde.com", "tags": ["Third Party Advisory"], "url": "https://certvde.com/en/advisories/VDE-2025-014"}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "info@cert.vde.com", "type": "Primary"}]}

{}

{}