CVE-2025-24004: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in Phoenix Contact CHARX SEC-3150
A physical attacker with access to the device display via USB-C can send a message to the device that triggers an insecure copy into a buffer, resulting in loss of integrity and a temporary denial of service for the stations until they are restarted by the watchdog.
AI Analysis
Technical Summary
CVE-2025-24004 is a medium-severity vulnerability in the Phoenix Contact CHARX SEC-3150, classified as CWE-120 (Buffer Copy without Checking Size of Input, the classic buffer overflow). The fault lies in the handling of messages received over the USB-C display interface: an attacker with physical access to that port can send a crafted message whose contents are copied into a fixed-size buffer without the input length being checked, so the copy runs past the end of the buffer. The overrun overwrites memory beyond the buffer (the loss of integrity named in the advisory) and leaves the affected stations unresponsive until the watchdog timer restarts them, a temporary denial of service. No authentication and no user interaction are needed, but physical access to the USB-C port is mandatory. The CVSS v3.1 base score is 5.2 (medium): attack vector physical (AV:P), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N); integrity and availability are affected, confidentiality is not. No exploitation in the wild had been reported and no patch was listed at the time this entry was enriched. The affected version is recorded as 0.0.0, a placeholder that gives no usable version bound, so every deployed CHARX SEC-3150 should be treated as potentially affected until the vendor or the assigning CERT confirms the fixed release. The vulnerability matters in operational technology environments because it interrupts station operation and corrupts device state, even though each outage is bounded by the watchdog reset.
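The CWE-120 pattern behind this advisory, shown as an added illustration in C and not as code from the CHARX SEC-3150 firmware (which this page does not contain): a handler for a hypothetical length-prefixed display-link frame that trusts the length byte, beside a hardened handler that validates the declared length against both the buffer capacity and the number of bytes actually received. The frame layout, the 32-byte capacity, the function names and the sample frames are all assumptions constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical display-link frame: one length byte followed by that many
 * payload bytes. This layout and the 32-byte capacity are assumptions made
 * for the example, not the CHARX SEC-3150 protocol. */
#define PAYLOAD_MAX 32

struct display_msg {
    uint8_t len;
    uint8_t payload[PAYLOAD_MAX];
};

/* CWE-120: the attacker-controlled length byte drives the copy with no
 * check against sizeof(out->payload) or against frame_len. A frame that
 * declares more than PAYLOAD_MAX bytes writes past the end of `payload`
 * (undefined behaviour; on an embedded target this typically corrupts
 * neighbouring state and ends in a fault that the watchdog clears by
 * resetting the device). Shown for contrast; only ever call it with
 * in-bounds input. */
void handle_frame_unchecked(struct display_msg *out,
                            const uint8_t *frame, size_t frame_len)
{
    if (frame_len < 1)
        return;
    out->len = frame[0];
    memcpy(out->payload, frame + 1, out->len);   /* no bound on out->len */
}

/* Hardened version: reject the frame before touching `out` if the declared
 * length exceeds the buffer or exceeds what was actually received. */
bool handle_frame_checked(struct display_msg *out,
                          const uint8_t *frame, size_t frame_len)
{
    if (out == NULL || frame == NULL || frame_len < 1)
        return false;
    uint8_t declared = frame[0];
    if (declared > PAYLOAD_MAX)                 /* oversize claim */
        return false;
    if ((size_t)declared + 1 > frame_len)       /* truncated frame */
        return false;
    out->len = declared;
    memcpy(out->payload, frame + 1, declared);
    return true;
}

/* Parse a frame with the hardened handler; return the accepted payload
 * length, or -1 if the frame was rejected. */
int accepted_len(const uint8_t *frame, size_t frame_len)
{
    struct display_msg m;
    memset(&m, 0, sizeof m);
    return handle_frame_checked(&m, frame, frame_len) ? (int)m.len : -1;
}

/* Build a well-formed frame that declares `declared` bytes and carries
 * exactly that many, then parse it. Exercises the capacity boundary. */
int boundary_check(uint8_t declared)
{
    uint8_t frame[1 + 255];
    frame[0] = declared;
    memset(frame + 1, 'x', declared);
    return accepted_len(frame, (size_t)declared + 1);
}

/* Constructed sample frames (not captured from a real device). */
static const uint8_t good_frame[]     = { 5, 'H', 'E', 'L', 'L', 'O' };
static const uint8_t oversize_frame[] = { 200, 'A', 'A', 'A', 'A' }; /* claims 200, carries 4 */
static const uint8_t short_frame[]    = { 8, 'A', 'B' };             /* claims 8, carries 2 */

int main(void)
{
    struct display_msg m;

    /* The unchecked handler behaves as long as the length byte is honest... */
    handle_frame_unchecked(&m, good_frame, sizeof good_frame);
    printf("unchecked, good frame:   len=%u payload=%.*s\n", m.len, m.len, m.payload);

    /* ...the hardened handler is what stops the hostile frames. */
    printf("checked, good frame:     %d\n", accepted_len(good_frame, sizeof good_frame));
    printf("checked, oversize frame: %d\n", accepted_len(oversize_frame, sizeof oversize_frame));
    printf("checked, short frame:    %d\n", accepted_len(short_frame, sizeof short_frame));
    printf("checked, len=32 frame:   %d\n", boundary_check(32));
    printf("checked, len=33 frame:   %d\n", boundary_check(33));
    return 0;
}
```

The two checks in the hardened handler are independent: the first stops a write past the destination (the overflow itself), the second stops an over-read of the receive buffer when the frame is shorter than it claims. Both are needed, and both must run before any byte is copied, because a partial copy would already have corrupted state by the time a later check fails.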
Potential Impact
For European organizations in industrial automation, manufacturing and critical infrastructure that rely on the Phoenix Contact CHARX SEC-3150, the risk is operational disruption. The watchdog-bounded denial of service halts station operation for the duration of the reset cycle, which can mean production downtime, delays in dependent processes, or safety-relevant interruptions where the station is part of a larger control sequence. The integrity impact is the overwritten memory itself: data or control state in the device can no longer be trusted after the overflow, which matters in industrial control systems even when the watchdog restores service. The attack needs physical access to the USB-C display port, so the exposed population is devices in unattended or remote sites, shared facilities, or locations where insiders and contractors can reach the enclosure unobserved. Even a temporary loss of availability and integrity can cascade into supply chains and service delivery in the energy, transport and manufacturing sectors prevalent in Europe. With medium severity and no remote exploitation path the overall threat is moderate, but it should not be discounted where physical security is weak or device uptime is critical.
Mitigation Recommendations
Exploitation needs hands on the USB-C display port, so the controls that matter most are physical, followed by detection and recovery:
- Restrict physical access to the CHARX SEC-3150 and to its USB-C display interface: locked enclosures, and tamper-evident seals or port locks so that an unauthorised connection leaves evidence.
- The USB-C port is the display interface and may be needed in normal operation; where it is not in use, block it physically, and where it is, keep the attached display and its cabling inside the secured enclosure rather than exposed.
- Segment the network so that a station taken offline by a watchdog reset does not take dependent systems with it, and so that the disruption is contained to the affected station.
- Monitor for the symptom the advisory describes: unexpected watchdog resets and station reboots. A reset that coincides with a site visit or an entry in the physical access log is the indicator to investigate.
- Maintain an up-to-date asset inventory of every deployed CHARX SEC-3150. The affected-version field on this entry is a placeholder (0.0.0), so assume all units are in scope until Phoenix Contact states otherwise.
- Track the advisory from CERT@VDE (the assigner listed under Technical Details) and Phoenix Contact's release notes for the fixed firmware, and plan for rapid deployment once a patch is available.
- Train field and site personnel to challenge and report unknown persons at device enclosures or handling cables at the device.
- Have an incident response procedure that covers the denial-of-service case: confirm the watchdog reset, inspect the port and the seals, preserve available logs, and verify that the station returns to correct operation before it is put back into service.
Affected Countries
Germany, France, Italy, United Kingdom, Netherlands, Belgium, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: CERTVDE
- Date Reserved: 2025-01-16T15:48:36.250Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 686cc4256f40f0eb72f24261
Added to database: 7/8/2025, 7:09:25 AM
Last enriched: 7/8/2025, 7:25:58 AM
Last updated: 7/11/2025, 4:11:46 AM
Related Threats
- CVE-2025-7535: SQL Injection in Campcodes Sales and Inventory System (Medium)
- CVE-2025-7534: SQL Injection in PHPGurukul Student Result Management System (Medium)
- CVE-2025-7533: SQL Injection in code-projects Job Diary (Medium)
- CVE-2025-7532: Stack-based Buffer Overflow in Tenda FH1202 (High)
- CVE-2025-7531: Stack-based Buffer Overflow in Tenda FH1202 (High)