HarborGuardharborguardDatabase
Back to search
HIGHCVE-2026-41032Published Modified CNA CERTVDE

CVE-2026-41032: Phoenix Contact: Unauthenticated log download vulnerability in the firmware of CHARX SEC-3xxx charging controllers

It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information.

Metrics

CVSS v3.1
7.5
Severity
HIGH
Fixed in
1.9.0
Affected Products
4

Get notified

Email me when this CVE is updated: new fix versions, severity changes, or any record change.

HarborGuard Analysis

Synopsis

An unauthenticated log download vulnerability affects the firmware of Phoenix Contact CHARX SEC-3xxx series EV charging controllers (models SEC-3000, SEC-3050, SEC-3100, and SEC-3150) running versions 1.0.0 through 1.8.x. The flaw is reachable over the network without any credentials, and no user interaction is required. Successful exploitation allows an attacker to download controller log files, which may expose restricted or sensitive operational information. A patched-image rebuild at firmware version 1.9.0 is available on HarborGuard for affected environments.

HarborGuard Coverage

Detection

Detection of CVE-2026-41032 is available across every HarborGuard environment; the CVE is ingested from upstream advisory feeds within minutes of publication and matched against customer images, including custom-built images derived from affected CHARX SEC-3xxx firmware versions. Any image in a customer registry or CI/CD pipeline running a vulnerable firmware version (1.0.0 to below 1.9.0) is flagged automatically.

Available
Triage

HarborGuard is capable of scoring this CVE at CVSS 7.5 (HIGH) and weighting it against each environment's compliance policy to prioritize severity routing. Findings are routed to the appropriate team inbox within each customer organization based on image ownership and policy configuration.

Available
Patch

A patched-image rebuild at firmware version 1.9.0 becomes available on HarborGuard once the upstream fix is confirmed for a given image. For customers who opt into auto-remediation, HarborGuard can trigger a rebuild, run a regression test suite, and open a pull request against affected workloads automatically.

Available

Exploit Conditions

  • Network reachabilityRequired

    The attacker must be able to reach the controller over the network; the CVSS vector specifies AV:N, meaning the vulnerable endpoint is exposed over-the-network.

  • AuthenticationNot required

    No credentials are needed; PR:N indicates the attacker requires no prior authentication to trigger the log download.

  • Victim interactionNot required

    No user action is needed to complete the attack; UI:N means exploitation is fully attacker-driven.

  • Attack complexityDetail

    Attack complexity is low (AC:L), meaning the exploit is reliable and requires no special conditions, race conditions, or environmental factors to succeed.

Blast Radius

  • Reads controller log files that may contain restricted operational data, configuration details, or credential fragments logged during normal operation.
  • Exposes device activity history that could help an attacker map the charging network topology or identify maintenance windows.
  • Does not modify any data or disrupt service availability; confidentiality impact is high while integrity and availability are unaffected.

How HarborGuard Handles This

Available on HarborGuard: detection is matched against all images in customer registries and pipelines within minutes of advisory ingestion, with findings scored at CVSS 7.5 HIGH. Where compliance policy permits, a rebuild of affected images at the patched firmware version 1.9.0 is triggered automatically. For customers who opt into auto-remediation, the flow includes a regression-test run and a pull request opened against affected workloads; median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes for environments with auto-remediation enabled. For environments where auto-remediation is not enabled, the finding is surfaced in the dashboard and routed to the responsible team for manual action. If upgrading to 1.9.0 is not immediately possible, network-policy isolation of CHARX SEC-3xxx controllers to restrict inbound log-endpoint access from untrusted network segments is a viable compensating control until the patched image is deployed.

See how HarborGuard automates this

Fix available

1.9.0
Affected packages
  • Phoenix Contact / CHARX SEC-3150
    < 1.9.0 (from 1.0.0)
  • Phoenix Contact / CHARX SEC-3100
    < 1.9.0 (from 1.0.0)
  • Phoenix Contact / CHARX SEC-3050
    < 1.9.0 (from 1.0.0)
  • Phoenix Contact / CHARX SEC-3000
    < 1.9.0 (from 1.0.0)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
References