Mcclaulay Hudson

**Name of the Vulnerable Software and Affected Versions** Phoenix Contact CHARX SEC-3100 CharxUpdateAgent (affected versions not specified) **Description** An unauthenticated remote attacker can upload an arbitrary script file due to improper input validation. The upload destination is fixed and is write only. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Phoenix Contact CHARX SEC-3100 (affected versions not specified) Description: The issue is related to improper input validation and a missing authentication procedure, allowing an unauthenticated remote attacker to modify configurations. This can lead to remote code execution, gaining root rights, or performing a Denial of Service (DoS). The vulnerability is associated with the CharxSystemConfigManager service of the Phoenix Contact CHARX SEC-3100 modular charging controllers. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.