CVE-2025-24003: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in Phoenix Contact CHARX SEC-3150
An unauthenticated remote attacker can use MQTT messages to trigger out-of-bounds writes in charging stations complying with German Calibration Law, resulting in a loss of integrity for only EichrechtAgents and potential denial-of-service for these stations.
AI Analysis
Technical Summary
CVE-2025-24003 is a high-severity classic buffer overflow (CWE-120, Buffer Copy without Checking Size of Input) in the Phoenix Contact CHARX SEC-3150, a charging controller used in electric vehicle charging stations that must comply with the German Calibration Law (Eichrecht). The controller processes MQTT messages and copies message data into a fixed-size buffer without first comparing the length of the input with the capacity of the destination. Because that length is taken from the attacker-controlled message, an oversized message produces out-of-bounds writes and overwrites whatever lies beyond the buffer. According to the advisory the integrity impact is confined to the EichrechtAgents component, the part of the firmware that handles the Eichrecht-related functions, and the memory corruption can also crash or hang the station, which is the denial-of-service outcome; confidentiality is not affected. Exploitation needs neither authentication nor user interaction and is carried out over the network with MQTT, a publish/subscribe protocol widely used in IoT and industrial equipment, so anyone who can deliver MQTT messages to the controller is in a position to attempt it. No exploitation in the wild has been reported at the time of writing; the CVSS 3.1 base score of 8.2 reflects a network-reachable, low-complexity, unauthenticated flaw whose consequence is an outage of the station together with an integrity impact bounded to one component. The lesson is a familiar one for embedded and industrial control systems: a length field in a network message is untrusted input, and copying by that length without a bounds check turns a protocol parser into a remote memory-corruption primitive, with both operational and regulatory consequences in a device that is subject to legal metrology.
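The following C program is an added illustration of the CWE-120 pattern described above; it is not code from Phoenix Contact or the CHARX firmware. It models a receive slot in which a fixed 64-byte payload buffer is followed by a flag that a downstream consumer trusts (the layout, the flag and the 72-byte message are all constructed for the example), shows the unchecked copy overwriting that flag, and places the bounds-checked handler beside it. The overrun is kept inside the slot's allocation so the demonstration is well-defined C rather than a crash.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MSG_BUF_SIZE 64                    /* capacity of the payload buffer */
#define REGION_SIZE  (MSG_BUF_SIZE + 64)   /* buffer plus the memory that follows it */

/* One receive slot: a fixed-size copy of an MQTT payload followed, in the same
 * allocation, by a 32-bit "sealed" flag that a downstream consumer trusts.
 * The layout is constructed for this example; it is not the CHARX firmware's. */
typedef struct {
    uint8_t *region;   /* payload at offset 0, flag at offset MSG_BUF_SIZE */
} slot_t;

static int slot_init(slot_t *s) {
    s->region = calloc(1, REGION_SIZE);
    if (!s->region) return -1;
    uint32_t sealed = 1;
    memcpy(s->region + MSG_BUF_SIZE, &sealed, sizeof sealed);
    return 0;
}

static uint32_t slot_flag(const slot_t *s) {
    uint32_t v;
    memcpy(&v, s->region + MSG_BUF_SIZE, sizeof v);
    return v;
}

/* CWE-120: 'len' comes straight from the attacker-controlled packet and is
 * never compared with MSG_BUF_SIZE, so a long message writes past the buffer. */
int handle_payload_vulnerable(slot_t *s, const uint8_t *payload, size_t len) {
    memcpy(s->region, payload, len);
    return 0;
}

/* Hardened form: validate the length against the capacity before any copy, and
 * reject rather than truncate so a malformed message leaves no partial state. */
int handle_payload_fixed(slot_t *s, const uint8_t *payload, size_t len) {
    if (payload == NULL || len > MSG_BUF_SIZE) return -1;
    memcpy(s->region, payload, len);
    memset(s->region + len, 0, MSG_BUF_SIZE - len);   /* no stale bytes after a short message */
    return 0;
}

/* Returns 1 if an oversized message overwrote the flag via the vulnerable handler.
 * The 72-byte message overruns the 64-byte buffer by 8 bytes, enough to cover the
 * flag; it still lies inside REGION_SIZE, so the demo stays well-defined C while
 * modelling the adjacent-memory corruption the CWE describes. */
int demo_overflow(void) {
    slot_t s;
    if (slot_init(&s) != 0) return -1;
    uint8_t payload[MSG_BUF_SIZE + 8];
    memset(payload, 'A', sizeof payload);
    handle_payload_vulnerable(&s, payload, sizeof payload);
    int clobbered = (slot_flag(&s) != 1);
    free(s.region);
    return clobbered;
}

/* Returns 1 if the hardened handler rejects the oversized message, leaves the
 * flag intact, and still accepts a message that exactly fills the buffer. */
int demo_fixed(void) {
    slot_t s;
    if (slot_init(&s) != 0) return -1;
    uint8_t payload[MSG_BUF_SIZE + 8];
    memset(payload, 'A', sizeof payload);
    int rejected = (handle_payload_fixed(&s, payload, sizeof payload) == -1);
    int intact   = (slot_flag(&s) == 1);
    int accepted = (handle_payload_fixed(&s, payload, MSG_BUF_SIZE) == 0);
    free(s.region);
    return rejected && intact && accepted;
}

int main(void) {
    printf("vulnerable handler clobbered flag: %d\n", demo_overflow());
    printf("hardened handler behaved: %d\n", demo_fixed());
    return 0;
}
```

The fix is the single comparison before the copy. Rejecting rather than silently truncating matters in a metrology context: a truncated message would still be processed and could leave the component in a state that does not match what the sender intended.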
Potential Impact
For European organizations, above all operators of electric vehicle charging infrastructure in Germany and the neighbouring countries where these controllers are deployed, the risk is material. Loss of integrity in EichrechtAgents can corrupt or invalidate the metrology data the station must keep under Eichrecht, leading to billing disputes, regulatory penalties and loss of trust; a denial of service takes the station out of operation until it is restarted or repaired, with direct consequences for business continuity and customer satisfaction. With electric vehicle adoption growing and regulators insisting on accurate metering, a compromised station can propagate errors into the energy management and billing back ends that consume its data. Operators face downtime, extra maintenance effort and reputational damage. Because exploitation is remote and unauthenticated, an attacker who can reach the MQTT interface of many stations can hit all of them with the same malformed message, so how widely that interface is exposed to untrusted networks determines how large a campaign could be. The case also illustrates a general hazard: embedding IoT protocols such as MQTT in critical infrastructure without strict validation of every length and size field they carry.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should prioritize the following actions:
1) Deploy the firmware update from Phoenix Contact as soon as it is available. No patch links are given here, so track the vendor's and CERT@VDE's (the assigning CNA) advisories for the fixed version.
2) Segment the network so that the charging controllers are isolated from corporate and public networks, and permit MQTT traffic to them only from the brokers and management systems that legitimately need to talk to them; drop everything else at the firewall.
3) Require client authentication on the MQTT broker, define per-client ACLs for the topics the controllers subscribe to, and wrap the transport in TLS. This limits who can publish to the device but does not make its parser safe, so treat it as a compensating control until the patch is applied.
4) Monitor MQTT traffic for messages that are malformed or unusually large for the topics in question. Once TLS is in place the payload is opaque to a network IDS, so perform the check at the broker or on a decrypted tap, and alert on PUBLISH packets whose payload length exceeds what the application ever sends.
5) Include the controllers and their MQTT interfaces in regular security assessments and penetration tests.
6) Maintain an incident response plan for the charging estate that covers both a station outage and suspected tampering with metrology data, including how to take stations out of service and restore them.
7) Coordinate with the relevant calibration authorities on reporting and handling anomalies in EichrechtAgents functionality.
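As an added illustration of the oversized-message check in point 4 (it is not code from the page, the vendor, or any broker), the following C program parses an MQTT 3.1.1 PUBLISH packet from the wire the way a broker-side monitor would have to: it decodes the variable-length Remaining Length field, checks every declared length against the bytes actually received, extracts the topic and payload, and classifies the frame as benign, oversized, malformed or not a PUBLISH. The topic name `charx/status`, the 64-byte payload limit and the sample frames are constructed for the example; MQTT 5 adds a properties block after the packet identifier, which this parser does not handle.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MQTT_PUBLISH 3
#define MAX_PAYLOAD  64   /* constructed limit: largest payload the application ever sends */

typedef enum { MQTT_OK = 0, MQTT_NOT_PUBLISH, MQTT_MALFORMED, MQTT_OVERSIZED } mqtt_verdict_t;

typedef struct {
    uint8_t        qos;
    const uint8_t *topic;   size_t topic_len;
    const uint8_t *payload; size_t payload_len;
} mqtt_publish_t;

/* MQTT "Remaining Length": 1-4 bytes, 7 data bits each, high bit set means
 * another byte follows. Returns bytes consumed, or 0 if truncated or overlong. */
static size_t decode_remaining_length(const uint8_t *p, size_t n, uint32_t *out) {
    uint32_t value = 0, multiplier = 1;
    for (size_t i = 0; i < 4 && i < n; i++) {
        value += (uint32_t)(p[i] & 0x7F) * multiplier;
        if ((p[i] & 0x80) == 0) { *out = value; return i + 1; }
        multiplier *= 128;
    }
    return 0;
}

/* Parse an MQTT 3.1.1 PUBLISH frame and classify it. Every length field is
 * checked against the bytes actually present before it is used. */
mqtt_verdict_t mqtt_check_publish(const uint8_t *frame, size_t n,
                                  size_t max_payload, mqtt_publish_t *out) {
    if (n < 2) return MQTT_MALFORMED;
    if ((frame[0] >> 4) != MQTT_PUBLISH) return MQTT_NOT_PUBLISH;
    uint8_t qos = (frame[0] >> 1) & 0x03;
    if (qos == 3) return MQTT_MALFORMED;                 /* reserved QoS value */
    uint32_t rem; size_t used = decode_remaining_length(frame + 1, n - 1, &rem);
    if (used == 0) return MQTT_MALFORMED;
    const uint8_t *p = frame + 1 + used;
    if (rem > n - 1 - used) return MQTT_MALFORMED;       /* declares more than was received */
    if (rem < 2) return MQTT_MALFORMED;
    size_t topic_len = ((size_t)p[0] << 8) | p[1];
    size_t var_hdr = 2 + topic_len + (qos ? 2 : 0);     /* topic + packet id (QoS 1/2 only) */
    if (var_hdr > rem) return MQTT_MALFORMED;            /* topic length overruns the packet */
    out->qos = qos;
    out->topic = p + 2;           out->topic_len = topic_len;
    out->payload = p + var_hdr;   out->payload_len = rem - var_hdr;
    return out->payload_len > max_payload ? MQTT_OVERSIZED : MQTT_OK;
}

/* Build a QoS 0 PUBLISH frame (constructed test input). Returns frame length or 0. */
static size_t build_publish(uint8_t *out, size_t cap, const char *topic,
                            const uint8_t *payload, size_t plen) {
    size_t tlen = strlen(topic), rem = 2 + tlen + plen, x = rem, vlen = 0, pos = 0;
    uint8_t varint[4];
    do { uint8_t b = (uint8_t)(x % 128); x /= 128; if (x) b |= 0x80; varint[vlen++] = b; }
    while (x && vlen < 4);
    if (x || 1 + vlen + rem > cap) return 0;
    out[pos++] = (uint8_t)(MQTT_PUBLISH << 4);           /* flags: DUP=0 QoS=0 RETAIN=0 */
    memcpy(out + pos, varint, vlen); pos += vlen;
    out[pos++] = (uint8_t)(tlen >> 8); out[pos++] = (uint8_t)tlen;
    memcpy(out + pos, topic, tlen);   pos += tlen;
    memcpy(out + pos, payload, plen); pos += plen;
    return pos;
}

/* Demo cases; each returns the verdict for one constructed frame. */
mqtt_verdict_t demo_benign(void) {
    uint8_t f[64]; mqtt_publish_t m;
    size_t n = build_publish(f, sizeof f, "charx/status", (const uint8_t *)"ok", 2);
    return mqtt_check_publish(f, n, MAX_PAYLOAD, &m);
}
mqtt_verdict_t demo_oversized(void) {
    uint8_t f[256], big[200]; mqtt_publish_t m;
    memset(big, 'A', sizeof big);                        /* 200-byte payload, 2-byte Remaining Length */
    size_t n = build_publish(f, sizeof f, "charx/status", big, sizeof big);
    return mqtt_check_publish(f, n, MAX_PAYLOAD, &m);
}
mqtt_verdict_t demo_truncated(void) {
    uint8_t f[64]; mqtt_publish_t m;
    size_t n = build_publish(f, sizeof f, "charx/status", (const uint8_t *)"ok", 2);
    return mqtt_check_publish(f, n - 1, MAX_PAYLOAD, &m); /* last byte never arrived */
}
mqtt_verdict_t demo_not_publish(void) {
    const uint8_t connect[] = { 0x10, 0x00 };            /* CONNECT: type nibble = 1 */
    mqtt_publish_t m;
    return mqtt_check_publish(connect, sizeof connect, MAX_PAYLOAD, &m);
}

int main(void) {
    printf("benign=%d oversized=%d truncated=%d not_publish=%d\n",
           demo_benign(), demo_oversized(), demo_truncated(), demo_not_publish());
    return 0;
}
```

The three comparisons in `mqtt_check_publish` (Remaining Length against bytes received, topic length against Remaining Length, payload length against the application limit) are exactly the checks whose absence CWE-120 describes; the same function can run inside a broker plugin or over a pcap to flag the oversized publishes mentioned in point 4.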
Affected Countries
Germany, Austria, Switzerland, Netherlands, Belgium, France
Technical Details
- Data Version: 5.1
- Assigner Short Name: CERTVDE
- Date Reserved: 2025-01-16T15:48:36.250Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 686cc4256f40f0eb72f2425e
Added to database: 7/8/2025, 7:09:25 AM
Last enriched: 7/8/2025, 7:25:27 AM
Last updated: 8/12/2025, 7:36:03 PM
Related Threats
- CVE-2025-3495: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Delta Electronics COMMGR (Critical)
- CVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server (High)
- CVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt (High)
- CVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt (High)
- CVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server (Medium)