CVE-2025-24003: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in Phoenix Contact CHARX SEC-3150

High
Tags: Vulnerability, CVE-2025-24003, CWE-120
Published: Tue Jul 08 2025 (07/08/2025, 06:59:17 UTC)
Source: CVE Database V5
Vendor/Project: Phoenix Contact
Product: CHARX SEC-3150

Description

An unauthenticated remote attacker can use MQTT messages to trigger out-of-bounds writes in charging stations complying with German Calibration Law, resulting in a loss of integrity limited to the EichrechtAgents component and a potential denial of service for these stations.

AI-Powered Analysis

Last updated: 07/08/2025, 07:25:27 UTC

Technical Analysis

CVE-2025-24003 is a high-severity buffer overflow (CWE-120) in Phoenix Contact CHARX SEC-3150 charging stations that comply with the German Calibration Law (Eichrecht). The device copies data taken from incoming MQTT messages into a buffer without checking the length of the input against the size of the destination, so an oversized message produces out-of-bounds writes and corrupts adjacent memory. No authentication or user interaction is required: an attacker who can deliver MQTT messages to the station can trigger the memory corruption remotely over the network.

The stated impact is a loss of integrity confined to the EichrechtAgents component, which implements the functions required for compliance with the calibration regulations, plus a potential denial of service that can render the affected stations inoperable. Confidentiality is not affected. The CVSS 3.1 score of 8.2 (High) reflects remote, unauthenticated exploitation combined with the integrity and availability impact. No public exploit was known at the time of writing.

The CHARX SEC-3150 is used in regulated EV charging deployments, chiefly in Germany, where legally compliant metering is mandatory. The flaw is a reminder that devices parsing IoT protocols such as MQTT must validate every length field taken from the wire before copying, because a classic overflow in such a component can both disrupt operations and break regulatory compliance.
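The pattern behind CWE-120, shown on a hypothetical MQTT payload handler. This is an added illustration, not Phoenix Contact code: the record layout, the function names and the 64-byte buffer are assumptions chosen to show the defect next to its fix, and the stand-alone demo calls the vulnerable form only with a length that fits.

```c
/* Added illustration of the CWE-120 pattern described above. This is not
 * Phoenix Contact code: the structure, field names and the 64-byte size are
 * assumptions chosen to show the defect and its fix. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define AGENT_BUF_SIZE 64u

/* Hypothetical record kept by a metering agent: a fixed-size text buffer
 * followed by a value whose silent corruption would be an integrity problem. */
struct agent_record {
    char     buf[AGENT_BUF_SIZE];
    uint32_t meter_wh;
};

/* Vulnerable form (CWE-120): len comes straight from the MQTT message and is
 * never compared with sizeof(rec->buf). Any len > AGENT_BUF_SIZE writes past
 * buf and into whatever follows it. Kept only to show the defect; the demo
 * below calls it only with a length that fits. */
void handle_payload_unsafe(struct agent_record *rec,
                           const uint8_t *payload, size_t len)
{
    memcpy(rec->buf, payload, len);          /* no bound check */
}

/* Hardened form: validate the wire-supplied length against the destination
 * before copying, zero the remainder, and report rejection to the caller so
 * the message can be dropped and logged. Returns 0 on success, -1 if rejected. */
int handle_payload_checked(struct agent_record *rec,
                           const uint8_t *payload, size_t len)
{
    if (rec == NULL || payload == NULL || len > sizeof(rec->buf))
        return -1;
    memcpy(rec->buf, payload, len);
    memset(rec->buf + len, 0, sizeof(rec->buf) - len);
    return 0;
}

/* How many bytes a message of this length would write beyond the buffer in
 * the unsafe form (0 when it fits). Handy when sizing a monitoring rule. */
size_t overflow_bytes(size_t len)
{
    return len > AGENT_BUF_SIZE ? len - AGENT_BUF_SIZE : 0;
}

int main(void)
{
    struct agent_record rec;
    uint8_t small[16], big[200];

    memset(&rec, 0, sizeof rec);
    rec.meter_wh = 12345;
    memset(small, 'A', sizeof small);
    memset(big, 'B', sizeof big);

    handle_payload_unsafe(&rec, small, sizeof small);   /* fits, so no harm */
    printf("checked copy of %zu bytes: %d\n", sizeof small,
           handle_payload_checked(&rec, small, sizeof small));
    printf("checked copy of %zu bytes: %d (unsafe form would overflow by %zu)\n",
           sizeof big, handle_payload_checked(&rec, big, sizeof big),
           overflow_bytes(sizeof big));
    printf("meter_wh still %u\n", rec.meter_wh);
    return 0;
}
```

The only difference between the two handlers is the comparison of `len` against `sizeof(rec->buf)` before the copy; in the unsafe form a 200-byte message would overwrite the 136 bytes that follow `buf`, which is exactly the kind of integrity loss the advisory attributes to EichrechtAgents.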

Potential Impact

For European organizations, especially operators of electric vehicle charging infrastructure in Germany and neighbouring countries, this vulnerability poses a significant risk. Loss of integrity in EichrechtAgents could mean incorrect calibration data or failure to meet legal metrology requirements, with regulatory penalties and loss of customer trust as possible consequences. The denial-of-service impact would interrupt charging services and therefore business continuity. Because accurate metering feeds billing and energy management, a compromised station can have knock-on effects on those systems as well, and affected operators face downtime, maintenance cost and reputational damage. Since exploitation is remote and unauthenticated, an attacker with network reach to many stations could target them en masse, multiplying the impact across a region. More broadly, the case illustrates the exposure of critical infrastructure components that consume IoT protocols such as MQTT without robust input validation.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should prioritize the following actions:

1) Deploy firmware updates or patches from Phoenix Contact as soon as they are available. No patch links were provided at the time of writing, so maintain contact with the vendor for updates.
2) Segment the network so that charging stations are isolated from corporate and public networks, limiting which hosts can send MQTT traffic to them at all. The advisory does not say whether the station runs its own broker or subscribes to an external one; apply the controls at whichever end the station's MQTT traffic enters, and restrict who may publish on the topics it consumes.
3) Require broker authentication and encryption (TLS) on every MQTT connection so that unauthenticated parties cannot inject messages.
4) Monitor MQTT traffic for patterns indicative of exploitation attempts, in particular malformed or oversized messages addressed to the charging stations.
5) Conduct regular security assessments and penetration tests focused on IoT devices and their communication protocols.
6) Establish incident response plans specific to charging infrastructure so that denial-of-service or integrity incidents can be handled quickly.
7) Coordinate with the responsible regulatory bodies on compliance and report any anomalies in EichrechtAgents functionality.

These measures go beyond generic advice by focusing on network-level controls, vendor coordination and operational readiness tailored to this product and its regulatory context.
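A concrete form of item 4 above: a fixed-header check that a network monitor or a broker-side filter can run on each MQTT 3.1.1 PUBLISH packet to flag oversized or malformed messages before they reach a station. This is an added example, not Phoenix Contact code or any product's detection logic. The 1024-byte ceiling, the topic names and the sample packets are constructed for illustration; the Remaining Length encoding and the PUBLISH layout follow the MQTT 3.1.1 specification.

```c
/* Added example for mitigation item 4: a fixed-header check a network monitor
 * or broker-side filter can run on MQTT 3.1.1 PUBLISH packets to flag
 * oversized or malformed messages before they reach a charging station.
 * Not Phoenix Contact code. The 1024-byte ceiling and the constructed
 * sample packets below are assumptions for illustration. */
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

enum mqtt_verdict {
    MQTT_OK,            /* well-formed PUBLISH within the size policy */
    MQTT_NOT_PUBLISH,   /* some other control packet; not inspected here */
    MQTT_MALFORMED,     /* encoding or length fields inconsistent */
    MQTT_TRUNCATED,     /* declares more bytes than were captured */
    MQTT_OVERSIZED      /* exceeds the configured ceiling */
};

/* Decode the MQTT "Remaining Length" variable-byte integer (1 to 4 bytes,
 * 7 data bits each, bit 7 = continuation). Returns -1 on a malformed encoding. */
static int decode_remaining_length(const uint8_t *p, size_t n,
                                   uint32_t *value, size_t *used)
{
    uint32_t mult = 1, v = 0;
    size_t i = 0;
    do {
        if (i >= n || i >= 4)
            return -1;                       /* truncated or more than 4 bytes */
        v += (uint32_t)(p[i] & 0x7F) * mult;
        mult *= 128;
        i++;
    } while (p[i - 1] & 0x80);
    *value = v;
    *used = i;
    return 0;
}

/* Inspect one captured packet. max_remaining is the site policy for the
 * largest PUBLISH the stations should ever receive (an assumption here). */
enum mqtt_verdict mqtt_inspect_publish(const uint8_t *pkt, size_t n,
                                       uint32_t max_remaining)
{
    uint32_t rem, topic_len;
    size_t used, body, qos;

    if (pkt == NULL || n < 2)
        return MQTT_MALFORMED;
    if ((pkt[0] >> 4) != 3)                  /* control packet type 3 = PUBLISH */
        return MQTT_NOT_PUBLISH;
    if (decode_remaining_length(pkt + 1, n - 1, &rem, &used) != 0)
        return MQTT_MALFORMED;
    if (rem > max_remaining)
        return MQTT_OVERSIZED;               /* flag before parsing any further */
    body = 1 + used;                         /* offset of the variable header */
    if (rem > n - body)
        return MQTT_TRUNCATED;
    if (rem < 2)
        return MQTT_MALFORMED;               /* topic length field is mandatory */
    qos = (pkt[0] >> 1) & 3u;
    if (qos == 3)
        return MQTT_MALFORMED;               /* QoS 3 is reserved */
    topic_len = ((uint32_t)pkt[body] << 8) | pkt[body + 1];
    /* topic string plus packet identifier (QoS 1/2) must fit inside rem */
    if (topic_len + 2u + (qos ? 2u : 0u) > rem)
        return MQTT_MALFORMED;
    return MQTT_OK;
}

/* Constructed sample packets (not captured traffic). */
const uint8_t pkt_benign[]    = {0x30, 0x08, 0x00, 0x04, 'c','p','/','1', 'o','k'};
const uint8_t pkt_oversized[] = {0x30, 0xA0, 0x8D, 0x06, 0x00, 0x04, 'c','p','/','1'}; /* declares 100000 bytes */
const uint8_t pkt_badvarint[] = {0x30, 0xFF, 0xFF, 0xFF, 0xFF, 0x01};                   /* 5-byte length */
const uint8_t pkt_badtopic[]  = {0x30, 0x05, 0x00, 0x10, 'a','b','c'};                  /* topic longer than packet */
const uint8_t pkt_truncated[] = {0x30, 0x20, 0x00, 0x04, 'c','p'};                     /* 32 declared, 4 present */

int main(void)
{
    printf("benign=%d oversized=%d badvarint=%d badtopic=%d truncated=%d\n",
           mqtt_inspect_publish(pkt_benign, sizeof pkt_benign, 1024),
           mqtt_inspect_publish(pkt_oversized, sizeof pkt_oversized, 1024),
           mqtt_inspect_publish(pkt_badvarint, sizeof pkt_badvarint, 1024),
           mqtt_inspect_publish(pkt_badtopic, sizeof pkt_badtopic, 1024),
           mqtt_inspect_publish(pkt_truncated, sizeof pkt_truncated, 1024));
    return 0;
}
```

The size check runs before any field inside the packet is parsed, so a message declaring a huge Remaining Length is flagged without the monitor itself having to buffer it; the topic-length consistency check catches the other common shape of malformed PUBLISH, an inner length field larger than the packet that carries it. Tune `max_remaining` to the largest legitimate message your stations exchange, and treat `MQTT_MALFORMED` and `MQTT_OVERSIZED` verdicts from sources that should never publish to the stations as high-priority alerts.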

Technical Details

Data Version: 5.1
Assigner Short Name: CERTVDE
Date Reserved: 2025-01-16T15:48:36.250Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 686cc4256f40f0eb72f2425e

Added to database: 7/8/2025, 7:09:25 AM

Last enriched: 7/8/2025, 7:25:27 AM

Last updated: 8/12/2025, 7:36:03 PM
