๐Ÿ” CVE Alert

CVE-2026-41032

HIGH 7.5

Phoenix Contact: Unauthenticated log download vulnerability in the firmware of CHARX SEC-3xxx charging controllers

CVSS Score
7.5
EPSS Score
0.0%
EPSS Percentile
0th

It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information.

CWE CWE-200
Vendor phoenix contact
Product charx sec-3150
Published Jun 3, 2026
Last Updated Jun 3, 2026
Stay Ahead of the Next One

Get instant alerts for phoenix contact charx sec-3150

Be the first to know when new high vulnerabilities affecting phoenix contact charx sec-3150 are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Affected Versions

Phoenix Contact / CHARX SEC-3150
1.0.0 < 1.9.0
Phoenix Contact / CHARX SEC-3100
1.0.0 < 1.9.0
Phoenix Contact / CHARX SEC-3050
1.0.0 < 1.9.0
Phoenix Contact / CHARX SEC-3000
1.0.0 < 1.9.0

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
phoenixcontact.csaf-tp.certvde.com: https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-060.json certvde.com: https://certvde.com/de/advisories/VDE-2026-060/

Credits

๐Ÿ” Piotr Ptaszek, Mateusz Wรณjcik from ZDI