CVE-2026-41032— Phoenix Contact: Unauthenticated log download vulnerability in the firmware of CHARX SEC-3xxx charging controllers
Possible ATT&CK Techniques 1AI
T1213 · Data from Information RepositoriesAffected Version Matrix 4
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Phoenix Contact | CHARX SEC-3000 | 1.0.0< 1.9.0 | affected |
| Phoenix Contact | CHARX SEC-3050 | 1.0.0< 1.9.0 | affected |
| Phoenix Contact | CHARX SEC-3100 | 1.0.0< 1.9.0 | affected |
| Phoenix Contact | CHARX SEC-3150 | 1.0.0< 1.9.0 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-41032
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Phoenix Contact: Unauthenticated log download vulnerability in the firmware of CHARX SEC-3xxx charging controllers
Source: NVD (National Vulnerability Database)
Vulnerability Description
It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
信息暴露
Source: NVD (National Vulnerability Database)
Vulnerability Title
Phoenix Contact多款产品 信息泄露漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Phoenix Contact CHARX SEC-3150等都是德国菲尼克斯电气(Phoenix Contact)公司的一款交流充电控制器。 Phoenix Contact多款产品存在信息泄露漏洞,该漏洞源于未经身份验证的相邻攻击者可下载日志文件,可能导致泄露受限信息。以下产品受到影响:CHARX SEC-3150、CHARX SEC-3100、CHARX SEC-3050和CHARX SEC-3000。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Phoenix Contact | CHARX SEC-3150 | 1.0.0 ~ 1.9.0 | - | |
| Phoenix Contact | CHARX SEC-3100 | 1.0.0 ~ 1.9.0 | - | |
| Phoenix Contact | CHARX SEC-3050 | 1.0.0 ~ 1.9.0 | - | |
| Phoenix Contact | CHARX SEC-3000 | 1.0.0 ~ 1.9.0 | - |
II. Public POCs for CVE-2026-41032
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-41032
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-41032 (2)
IV. Related Vulnerabilities
Same product: CHARX SEC-3150
- CVE-2025-41699
Phoenix Contact: Security Advisory for CHARX SEC-3xxx chargi - CVE-2025-25271
OCPP Backend Configuration via Insecure Defaults - CVE-2025-25270
Remote Code Execution via Unauthenticated Configuration Mani - CVE-2025-25269
Local Privilege Escalation via Unauthenticated Command Injec - CVE-2025-25268
Unauthenticated Configuration Access via Exposed API Endpoin
Same vendor: Phoenix Contact
- CVE-2025-41669
Insufficient Verification of Data Authenticity - CVE-2025-41670
Untrusted Search Path - CVE-2024-43384
Phoenix Contact: Improper removal of sensitive information i - CVE-2026-22323
Cross‑Site Request Forgery in Link Aggregation Configuration - CVE-2026-22322
Stored Cross‑Site Scripting in Link Aggregation Name Handlin
Same weakness: CWE-200
- CVE-2026-56214
Capgo - Unauthenticated Organization Enumeration and Billing - CVE-2026-56079
Capgo - Cross-Tenant Authorization Bypass via PostgREST Webh - CVE-2026-49288
Statamic CMS missing authorization on Control Panel fieldtyp - CVE-2026-12620
Access Token Exposure in URL Parameters in GridTime™ 3000 GN - CVE-2026-47633
Microsoft Cost Management Information Disclosure Vulnerabili
V. Comments for CVE-2026-41032
No comments yet