CVE-2025-24003
📋 TL;DR
An unauthenticated remote attacker can send malicious MQTT messages to trigger buffer overflow vulnerabilities in charging stations compliant with German Calibration Law (Eichrecht). This allows attackers to compromise the integrity of EichrechtAgents and potentially cause denial-of-service conditions for affected charging stations.
💻 Affected Systems
- Charging stations compliant with German Calibration Law (Eichrecht)
📦 What is this software?
Charx Sec 3000 Firmware by Phoenixcontact
Charx Sec 3050 Firmware by Phoenixcontact
Charx Sec 3100 Firmware by Phoenixcontact
Charx Sec 3150 Firmware by Phoenixcontact
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of charging station functionality leading to service disruption, potential safety issues if charging operations are affected, and integrity loss of calibration data required by German law.
Likely Case
Denial-of-service attacks that render charging stations inoperable, disrupting electric vehicle charging services and potentially causing financial losses for operators.
If Mitigated
Limited impact if proper network segmentation and MQTT authentication are implemented, though some service disruption may still occur.
🎯 Exploit Status
Exploitation requires sending specially crafted MQTT messages to vulnerable charging stations. No authentication is required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not specified in available information
Vendor Advisory: https://certvde.com/en/advisories/VDE-2025-014
Restart Required: Yes
Instructions:
1. Contact the charging station manufacturer for specific firmware updates.
2. Apply firmware patches addressing the CWE-120 buffer overflow vulnerabilities.
3. Restart charging stations after patching.
4. Verify that MQTT message handling is secure.
🔧 Temporary Workarounds
Network Segmentation
Isolate charging station MQTT interfaces from untrusted networks
MQTT Authentication
Implement authentication for MQTT communications
🧯 If You Can't Patch
- Implement strict network access controls to limit MQTT traffic to trusted sources only
- Deploy intrusion detection systems to monitor for anomalous MQTT traffic patterns
🔍 How to Verify
Check if Vulnerable:
Check whether the charging station uses the MQTT protocol for Eichrecht compliance, and compare its firmware version against the manufacturer advisories
Check Version:
Manufacturer-specific command to check firmware version (consult device documentation)
Verify Fix Applied:
Verify firmware has been updated to patched version and test MQTT message handling with security testing tools
📡 Detection & Monitoring
Log Indicators:
- Unusual MQTT message patterns
- Charging station restart events
- Buffer overflow error messages in system logs
Network Indicators:
- Malformed MQTT packets to charging station ports
- Unusual traffic volume to MQTT ports (typically 1883/8883)
SIEM Query:
source="charging_station" AND (protocol="mqtt" AND (message_size>threshold OR malformed_packet=true))
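The SIEM query above keys on two fields, `message_size` above a threshold and `malformed_packet`, but a collector has to derive them from the wire. The following is an added example, not code from the advisory or from Phoenix Contact: a small Python inspector that parses the MQTT fixed header (MQTT 3.1.1/5.0 encoding), flags a declared length above a site threshold as oversize, and flags bad length encodings, reserved packet types, and PUBLISH packets whose topic length does not fit inside the packet as malformed. The sample frames, the 4096-byte threshold and the `ocpp/meter` topic are constructed for the demonstration and are not captured from any real charging station.

```python
"""Added example, not part of the advisory or of any Phoenix Contact software:
inspect raw MQTT control packets and report the two conditions the SIEM query
keys on, an oversize message (declared length above a site threshold) and a
malformed packet (bad fixed header, bad length field, or a PUBLISH whose topic
length does not fit inside the packet). Sample frames and the threshold are
constructed for the demonstration."""

SIZE_THRESHOLD = 4096  # assumption: site-specific limit for a single MQTT message

# MQTT control packet types (high nibble of the first byte); type 0 is reserved
# in both MQTT 3.1.1 and 5.0.
PACKET_TYPES = {
    1: "CONNECT", 2: "CONNACK", 3: "PUBLISH", 4: "PUBACK", 5: "PUBREC",
    6: "PUBREL", 7: "PUBCOMP", 8: "SUBSCRIBE", 9: "SUBACK", 10: "UNSUBSCRIBE",
    11: "UNSUBACK", 12: "PINGREQ", 13: "PINGRESP", 14: "DISCONNECT", 15: "AUTH",
}


def decode_remaining_length(buf: bytes, offset: int = 1):
    """Decode the MQTT variable-length 'remaining length' field starting at
    buf[offset]. Returns (value, bytes_consumed); raises ValueError when the
    field is truncated or runs past the 4-byte maximum the spec allows."""
    value, multiplier, consumed = 0, 1, 0
    while True:
        if offset + consumed >= len(buf):
            raise ValueError("truncated remaining-length field")
        byte = buf[offset + consumed]
        consumed += 1
        value += (byte & 0x7F) * multiplier
        if not byte & 0x80:          # continuation bit clear: last length byte
            return value, consumed
        if consumed == 4:            # a 5th byte would exceed 268,435,455
            raise ValueError("remaining-length field longer than 4 bytes")
        multiplier *= 128


def inspect_packet(buf: bytes, threshold: int = SIZE_THRESHOLD) -> dict:
    """Classify one complete MQTT control packet as 'ok', 'oversize' or
    'malformed'. The returned dict carries the SIEM query's field names."""
    def finding(pname, verdict, reason, size=0):
        return {"type": pname, "verdict": verdict, "reason": reason,
                "message_size": size, "malformed_packet": verdict == "malformed"}

    if len(buf) < 2:
        return finding(None, "malformed", "shorter than the 2-byte fixed header")
    ptype = buf[0] >> 4
    name = PACKET_TYPES.get(ptype, "RESERVED")
    if ptype == 0:
        return finding(name, "malformed", "reserved packet type 0")
    try:
        remaining, consumed = decode_remaining_length(buf)
    except ValueError as exc:
        return finding(name, "malformed", str(exc))
    header_len = 1 + consumed
    total = header_len + remaining
    # The declared size is judged before the body: a receiver sizes its buffer
    # from this value, so a huge declaration is a signal on its own.
    if remaining > threshold:
        return finding(name, "oversize",
                       f"declared {remaining} bytes, threshold {threshold}", remaining)
    if len(buf) != total:
        return finding(name, "malformed",
                       f"declared {total} bytes total, buffer holds {len(buf)}", remaining)
    if ptype == 3:  # PUBLISH: 2-byte topic length and optional packet id must fit
        qos = (buf[0] >> 1) & 0x03
        if qos == 3:
            return finding(name, "malformed", "invalid QoS value 3", remaining)
        if remaining < 2:
            return finding(name, "malformed", "PUBLISH without topic length", remaining)
        topic_len = int.from_bytes(buf[header_len:header_len + 2], "big")
        needed = 2 + topic_len + (2 if qos else 0)
        if needed > remaining:
            return finding(name, "malformed",
                           f"topic length {topic_len} exceeds remaining length {remaining}",
                           remaining)
    return finding(name, "ok", "", remaining)


# Constructed sample frames (not captured from any real charging station).
SAMPLE_FRAMES = {
    "valid_publish": b"\x30\x0e\x00\x0aocpp/meter42",      # topic "ocpp/meter", payload "42"
    "topic_overrun": b"\x30\x04\x00\xffab",                 # topic length 255 inside a 4-byte body
    "length_too_long": b"\x30\x80\x80\x80\x80\x80",        # five continuation bytes
    "length_truncated": b"\x30\x80",                       # continuation bit set, no next byte
    "oversize_publish": b"\x30\x80\x80\x04\x00\x05hello",  # declares 65,536 remaining bytes
    "reserved_type": b"\x00\x00",
}


def scan(frames: dict, threshold: int = SIZE_THRESHOLD) -> dict:
    """Inspect every frame and return {label: finding}."""
    return {label: inspect_packet(data, threshold) for label, data in frames.items()}


if __name__ == "__main__":
    for label, result in scan(SAMPLE_FRAMES).items():
        print(f"{label:18} {result['verdict']:9} {result['type'] or '-':9} {result['reason']}")
```

Feeding the finding dicts to the SIEM as events with `protocol="mqtt"` makes the query on the page match directly; the threshold should be set from the largest legitimate message observed on a given site rather than from the 4096-byte placeholder used here.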