CVE-2024-28137

A local attacker with low privileges can perform a privilege escalation with an init script due to a TOCTOU vulnerability.

CVSS

No CVSS.

References

Link	Resource
https://cert.vde.com/en/advisories/VDE-2024-019	Third Party Advisory
https://cert.vde.com/en/advisories/VDE-2024-019	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:phoenixcontact:charx_sec-3000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:charx_sec-3000:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:phoenixcontact:charx_sec-3050_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:charx_sec-3050:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:phoenixcontact:charx_sec-3100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:charx_sec-3100:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:phoenixcontact:charx_sec-3150_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:charx_sec-3150:-:*:*:*:*:*:*:*

History

23 Jan 2025, 18:55

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~7.8~~	v2 : unknown v3 : unknown
First Time		Phoenixcontact charx Sec-3100 Firmware Phoenixcontact charx Sec-3050 Firmware Phoenixcontact charx Sec-3100 Phoenixcontact charx Sec-3000 Firmware Phoenixcontact charx Sec-3050 Phoenixcontact charx Sec-3150 Firmware Phoenixcontact charx Sec-3000 Phoenixcontact Phoenixcontact charx Sec-3150
CPE		cpe:2.3:h:phoenixcontact:charx_sec-3000:-:::::::* cpe:2.3:h:phoenixcontact:charx_sec-3100:-:::::::* cpe:2.3:o:phoenixcontact:charx_sec-3150_firmware:::::::: cpe:2.3:o:phoenixcontact:charx_sec-3050_firmware:::::::: cpe:2.3:o:phoenixcontact:charx_sec-3000_firmware:::::::: cpe:2.3:h:phoenixcontact:charx_sec-3150:-:::::::* cpe:2.3:h:phoenixcontact:charx_sec-3050:-:::::::* cpe:2.3:o:phoenixcontact:charx_sec-3100_firmware::::::::
References	~~() https://cert.vde.com/en/advisories/VDE-2024-019 -~~	() https://cert.vde.com/en/advisories/VDE-2024-019 - Third Party Advisory
CWE	~~CWE-367~~

14 May 2024, 19:18

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-14 16:16

Updated : 2025-01-23 18:55

NVD link : CVE-2024-28137

Mitre link : CVE-2024-28137

JSON object : View

Products Affected

phoenixcontact

charx_sec-3000
charx_sec-3050_firmware
charx_sec-3150
charx_sec-3150_firmware
charx_sec-3100
charx_sec-3050
charx_sec-3000_firmware
charx_sec-3100_firmware

CWE

No CWE.

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://cert.vde.com/en/advisories/VDE-2024-019", "name": "https://cert.vde.com/en/advisories/VDE-2024-019", "tags": ["Third Party Advisory"], "refsource": ""}, {"url": "https://cert.vde.com/en/advisories/VDE-2024-019", "name": "https://cert.vde.com/en/advisories/VDE-2024-019", "tags": ["Third Party Advisory"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "\n\t\n\t\t\n\t\t\n\t\n\t\n\t\t\n\t\t\t\n\t\t\t\t\n\t\t\t\t\t\n\n\t\n\t\t\n\t\t\n\t\n\t\n\t\t\n\n\n\t\t\t\n\t\t\t\t\n\t\t\t\t\tA local attacker with low privileges can\u00a0perform a privilege escalation with an init script due to a TOCTOU vulnerability.\n\n\n\n\n\n\n\n\n\n\n\t\t\t\t\n\n\n\t\t\t\n\n\n\t\t\n\n\n\t\n"}]}, "problemtype": {"problemtype_data": [{"description": []}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2024-28137", "ASSIGNER": "info@cert.vde.com"}}, "impact": {}, "publishedDate": "2024-05-14T16:16Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:phoenixcontact:charx_sec-3000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.5.1"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:phoenixcontact:charx_sec-3000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:phoenixcontact:charx_sec-3050_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.5.1"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:phoenixcontact:charx_sec-3050:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:phoenixcontact:charx_sec-3100_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.5.1"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:phoenixcontact:charx_sec-3100:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:phoenixcontact:charx_sec-3150_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.5.1"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:phoenixcontact:charx_sec-3150:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-01-23T18:55Z"}