Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-25271

Summary
Assigner-CERTVDE
Assigner Org ID-270ccfa6-a436-4e77-922e-914ec3a9685c
Published At-08 Jul, 2025 | 07:01
Updated At-22 Jul, 2025 | 07:50
Rejected At-
Credits

OCPP Backend Configuration via Insecure Defaults

An unauthenticated adjacent attacker is able to configure a new OCPP backend, due to insecure defaults for the configuration interface.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:CERTVDE
Assigner Org ID:270ccfa6-a436-4e77-922e-914ec3a9685c
Published At:08 Jul, 2025 | 07:01
Updated At:22 Jul, 2025 | 07:50
Rejected At:
▼CVE Numbering Authority (CNA)
OCPP Backend Configuration via Insecure Defaults

An unauthenticated adjacent attacker is able to configure a new OCPP backend, due to insecure defaults for the configuration interface.

Affected Products
Vendor
Phoenix Contact GmbH & Co. KGPhoenix Contact
Product
CHARX SEC-3150
Default Status
unaffected
Versions
Affected
  • From 0.0.0 before 1.7.3 (semver)
Vendor
Phoenix Contact GmbH & Co. KGPhoenix Contact
Product
CHARX SEC-3100
Default Status
unaffected
Versions
Affected
  • From 0.0.0 before 1.7.3 (semver)
Vendor
Phoenix Contact GmbH & Co. KGPhoenix Contact
Product
CHARX SEC-3050
Default Status
unaffected
Versions
Affected
  • From 0.0.0 before 1.7.3 (semver)
Vendor
Phoenix Contact GmbH & Co. KGPhoenix Contact
Product
CHARX SEC-3000
Default Status
unaffected
Versions
Affected
  • From 0.0.0 before 1.7.3 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-1188CWE-1188 Insecure Default Initialization of Resource
Type: CWE
CWE ID: CWE-1188
Description: CWE-1188 Insecure Default Initialization of Resource
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://certvde.com/de/advisories/VDE-2025-019
N/A
Hyperlink: https://certvde.com/de/advisories/VDE-2025-019
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:info@cert.vde.com
Published At:08 Jul, 2025 | 07:15
Updated At:11 Jul, 2025 | 14:37

An unauthenticated adjacent attacker is able to configure a new OCPP backend, due to insecure defaults for the configuration interface.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Phoenix Contact GmbH & Co. KG
phoenixcontact
>>charx_sec-3000_firmware>>Versions before 1.7.3(exclusive)
cpe:2.3:o:phoenixcontact:charx_sec-3000_firmware:*:*:*:*:*:*:*:*
Phoenix Contact GmbH & Co. KG
phoenixcontact
>>charx_sec-3000>>-
cpe:2.3:h:phoenixcontact:charx_sec-3000:-:*:*:*:*:*:*:*
Phoenix Contact GmbH & Co. KG
phoenixcontact
>>charx_sec-3050_firmware>>Versions before 1.7.3(exclusive)
cpe:2.3:o:phoenixcontact:charx_sec-3050_firmware:*:*:*:*:*:*:*:*
Phoenix Contact GmbH & Co. KG
phoenixcontact
>>charx_sec-3050>>-
cpe:2.3:h:phoenixcontact:charx_sec-3050:-:*:*:*:*:*:*:*
Phoenix Contact GmbH & Co. KG
phoenixcontact
>>charx_sec-3100_firmware>>Versions before 1.7.3(exclusive)
cpe:2.3:o:phoenixcontact:charx_sec-3100_firmware:*:*:*:*:*:*:*:*
Phoenix Contact GmbH & Co. KG
phoenixcontact
>>charx_sec-3100>>-
cpe:2.3:h:phoenixcontact:charx_sec-3100:-:*:*:*:*:*:*:*
Phoenix Contact GmbH & Co. KG
phoenixcontact
>>charx_sec-3150_firmware>>Versions before 1.7.3(exclusive)
cpe:2.3:o:phoenixcontact:charx_sec-3150_firmware:*:*:*:*:*:*:*:*
Phoenix Contact GmbH & Co. KG
phoenixcontact
>>charx_sec-3150>>-
cpe:2.3:h:phoenixcontact:charx_sec-3150:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-1188Primaryinfo@cert.vde.com
CWE ID: CWE-1188
Type: Primary
Source: info@cert.vde.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://certvde.com/de/advisories/VDE-2025-019info@cert.vde.com
Third Party Advisory
Hyperlink: https://certvde.com/de/advisories/VDE-2025-019
Source: info@cert.vde.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

5Records found
CVE-2025-25268
Matching Score-8
Assigner-CERT@VDE
ShareView Details
Matching Score-8
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-0.09% / 24.77%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 07:00
Updated-11 Jul, 2025 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Configuration Access via Exposed API Endpoint

An unauthenticated adjacent attacker can modify configuration by sending specific requests to an API-endpoint resulting in read and write access due to missing authentication.

Action-Not Available
Vendor-Phoenix Contact GmbH & Co. KG
Product-charx_sec-3100charx_sec-3150charx_sec-3050_firmwarecharx_sec-3050charx_sec-3100_firmwarecharx_sec-3150_firmwarecharx_sec-3000_firmwarecharx_sec-3000CHARX SEC-3050CHARX SEC-3150CHARX SEC-3100CHARX SEC-3000
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2017-12736
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-8.8||HIGH
EPSS-0.47% / 64.89%
||
7 Day CHG~0.00%
Published-26 Dec, 2017 | 04:00
Updated-12 Aug, 2025 | 12:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to write to the device under certain conditions. This could allow an attacker located in the adjacent network of the targeted device to perform unauthorized administrative actions.

Action-Not Available
Vendor-Siemens AG
Product-scalance_xr-500scalance_xr300-wg_firmwarescalance_xm-400_firmwarescalance_xc-200ruggedcomruggedcom_rsl910scalance_xb-200_firmwarescalance_xc-200_firmwarescalance_xr300-wgscalance_xr-500_firmwarescalance_xm-400scalance_xb-200ruggedcom_rosscalance_xp-200_firmwarescalance_xp-200RUGGEDCOM RS8000RUGGEDCOM RS900LRUGGEDCOM RSG2300 V4.XRUGGEDCOM RS900MNC-STND-XX-C01RUGGEDCOM RSG920P V4.XSCALANCE XB213-3 (ST, E/IP)RUGGEDCOM RS401NCSCALANCE XC208SCALANCE XR326-2C PoE WGRUGGEDCOM RSG2100PNC (32M) V4.XSCALANCE XC216-4C G EECRUGGEDCOM RS920LNCRUGGEDCOM RS910LRUGGEDCOM RS930WRUGGEDCOM RSG2100NC(32M) V5.XRUGGEDCOM RSG2100 (32M) V5.XRUGGEDCOM RSG2288NC V5.XSCALANCE XP208RUGGEDCOM RS416Pv2 V4.XRUGGEDCOM RS1600SCALANCE XP208GRUGGEDCOM i801NCRUGGEDCOM RS940GRUGGEDCOM RSG2100NC(32M) V4.XSCALANCE XP216EEC (V2)RUGGEDCOM i800NCRUGGEDCOM RS910RUGGEDCOM RSG908CSIPLUS NET SCALANCE XC208RUGGEDCOM RS8000NCRUGGEDCOM RS900NC(32M) V4.XSCALANCE XB205-3LD (SC, E/IP)SCALANCE XP216RUGGEDCOM RS920LSCALANCE XP208PoE EECRUGGEDCOM RMC8388 V4.XSCALANCE XB213-3LD (SC, PN)RUGGEDCOM RS8000HSCALANCE XF204-2BARUGGEDCOM RS900LNCRUGGEDCOM RS8000TRUGGEDCOM RS910NCSCALANCE XC216-4C G (EIP Def.)SCALANCE XF204 DNASCALANCE XR526-8C, 1x230VRUGGEDCOM RS900GSCALANCE XP216GSCALANCE XC206-2G PoE EEC (54 V DC)RUGGEDCOM RS900M-STND-XXRUGGEDCOM RS900WSCALANCE XC216RUGGEDCOM RMC8388 V5.XRUGGEDCOM RS900MNC-STND-XXRUGGEDCOM RSG2100PNC (32M) V5.XRUGGEDCOM RSG910CSCALANCE XB206-2 (ST/BFOC)SCALANCE XC206-2 (ST/BFOC)SCALANCE XF204GRUGGEDCOM RSG2288 V4.XRUGGEDCOM RS1600NCRUGGEDCOM RS969RUGGEDCOM RS900 (32M) V4.XSCALANCE XR328-4C WG (24XFE, 4XGE, 24V)RUGGEDCOM RSG909RSCALANCE XP208EECSCALANCE XP216G PoE EECRUGGEDCOM RSG2100PRUGGEDCOM RS930LNCRUGGEDCOM RS416PSCALANCE XR524-8C, 24VSCALANCE XF204-2BA DNARUGGEDCOM RSG920P V5.XSCALANCE XC206-2 (SC)RUGGEDCOM RSG2200NCRUGGEDCOM RS8000HNCRUGGEDCOM RSG2300PNC V5.XRUGGEDCOM RSG2288 V5.XRUGGEDCOM RS1600FSCALANCE XC208EECRUGGEDCOM RS416NCRUGGEDCOM RS930LRUGGEDCOM RSG907RSCALANCE XC208GSCALANCE XR524-8C, 2x230V (L3 int.)RUGGEDCOM RSG2300P V5.XSCALANCE XB216 (E/IP)SCALANCE XF204SCALANCE XR528-6MSCALANCE XP208G EECRUGGEDCOM RS910WRUGGEDCOM RSG2300 V5.XSCALANCE XC206-2SFP GSCALANCE XC206-2SFP G (EIP DEF.)SCALANCE XB205-3 (ST, E/IP)SCALANCE XB206-2 SCSIPLUS NET SCALANCE XC216-4CSCALANCE XC208G PoERUGGEDCOM RS940GNCSCALANCE XC224-4C G (EIP Def.)RUGGEDCOM RS900GNCRUGGEDCOM RSG2100P (32M) V4.XRUGGEDCOM RMC8388NC V5.XRUGGEDCOM RS910LNCRUGGEDCOM RSG2288NC V4.XRUGGEDCOM RSG2488 V5.XSCALANCE XM408-8C (L3 int.)RUGGEDCOM RMC30SCALANCE XM408-8CSCALANCE XP208G PPSCALANCE XB213-3LD (SC, E/IP)SCALANCE XB205-3LD (SC, PN)SCALANCE XB205-3 (SC, PN)SCALANCE XP216POE EECRUGGEDCOM RS8000ANCRUGGEDCOM RMC8388NC V4.XRUGGEDCOM RS1600TSCALANCE XR552-12MRUGGEDCOM RS900G (32M) V5.XSCALANCE XP216 (V2)RUGGEDCOM RS400NCRUGGEDCOM RS900MNC-GETS-C01RUGGEDCOM RS900M-GETS-C01SCALANCE XP208 (Ethernet/IP)RUGGEDCOM RSG2488NC V4.XSCALANCE XB206-2 LDRUGGEDCOM RP110RUGGEDCOM i801SCALANCE XC208G (EIP def.)RUGGEDCOM RS416v2 V4.XSCALANCE XR528-6M (L3 int.)RUGGEDCOM RS416NCv2 V4.XSCALANCE XR526-8C, 1x230V (L3 int.)SCALANCE XR552-12M (2HR2, L3 int.)RUGGEDCOM RS8000TNCSCALANCE XB205-3 (ST, PN)SCALANCE XB208 (E/IP)RUGGEDCOM RSG2300P V4.XRUGGEDCOM RS416v2 V5.XSCALANCE XP216G EECRUGGEDCOM RS920WRUGGEDCOM M2200RUGGEDCOM RS900MNC-GETS-XXRUGGEDCOM RSG2300NC V5.XSCALANCE XP208G PoE EECRUGGEDCOM RS900GNC(32M) V4.XRUGGEDCOM RS900SCALANCE XR524-8C, 1x230VSCALANCE XC206-2G PoE (54 V DC)RUGGEDCOM RSG2100RUGGEDCOM M969NCRUGGEDCOM RS416PNCRUGGEDCOM RS1600FNCSCALANCE XB213-3 (ST, PN)RUGGEDCOM RS400RUGGEDCOM RS900NC(32M) V5.XSCALANCE XR526-8C, 24V (L3 int.)SIPLUS NET SCALANCE XC206-2RUGGEDCOM RS1600TNCRUGGEDCOM RS900G (32M) V4.XSCALANCE XC208G PoE (54 V DC)RUGGEDCOM M969RUGGEDCOM RS416PNCv2 V4.XSCALANCE XB206-2 STSIPLUS NET SCALANCE XC206-2SFPRUGGEDCOM M2200NCSCALANCE XC206-2G PoERUGGEDCOM RS8000ASCALANCE XB213-3 (SC, PN)RUGGEDCOM i803RUGGEDCOM RSG2100PNCSCALANCE XC216-3G PoE (54 V DC)RUGGEDCOM RSG920PNC V5.XSCALANCE XM416-4C (L3 int.)RUGGEDCOM RSG2100NCSCALANCE XR524-8C, 24V (L3 int.)SCALANCE XC224RUGGEDCOM RP110NCSCALANCE XR526-8C, 24VRUGGEDCOM RSG2200RUGGEDCOM RSG2488NC V5.XRUGGEDCOM RSL910NCRUGGEDCOM RS969NCRUGGEDCOM RS416SCALANCE XR528-6M (2HR2)SCALANCE XC206-2SFP EECSCALANCE XR552-12M (2HR2)RUGGEDCOM RST2228PRUGGEDCOM i800SCALANCE XM408-4CRUGGEDCOM RS900M-STND-C01RUGGEDCOM RS900M-GETS-XXRUGGEDCOM RST916PRUGGEDCOM RS416PNCv2 V5.XSCALANCE XC216-4C GSCALANCE XC216EECRUGGEDCOM RS416NCv2 V5.XSCALANCE XC216-3G PoESCALANCE XP216PoE EEC (V2)SCALANCE XR524-8C, 1x230V (L3 int.)RUGGEDCOM RSG2100 (32M) V4.XSCALANCE XR528-6M (2HR2, L3 int.)SCALANCE XB206-2LDSCALANCE XC224-4C G EECRUGGEDCOM RSL910SCALANCE XB208 (PN)SCALANCE XC206-2SFP G EECSCALANCE XP216 (Ethernet/IP)SCALANCE XR324WG (24 X FE, DC 24V)SCALANCE XR328-4C WG (28xGE, DC 24V)RUGGEDCOM RST916CRUGGEDCOM RS900GPRUGGEDCOM RS900GPNCSCALANCE XR324WG (24 x FE, AC 230V)RUGGEDCOM RSG2488 V4.XSCALANCE XR526-8C, 2x230V (L3 int.)SCALANCE XR524-8C, 2x230VRUGGEDCOM i802SCALANCE XR328-4C WG (24xFE,4xGE,AC230V)RUGGEDCOM RS900GNC(32M) V5.XSCALANCE XC216-4CSCALANCE XB216 (PN)SCALANCE XM416-4CSCALANCE XP216EECSCALANCE XR328-4C WG (24xFE, 4xGE,DC24V)RUGGEDCOM RST2228RUGGEDCOM RS401RUGGEDCOM RSG2300NC V4.XRUGGEDCOM RSG920PNC V4.XSCALANCE XC224-4C GSCALANCE XR328-4C WG (28xGE, AC 230V)RUGGEDCOM i802NCRUGGEDCOM i803NCSCALANCE XB213-3 (SC, E/IP)RUGGEDCOM M2100SCALANCE XC208G EECRUGGEDCOM RSG2300PNC V4.XRUGGEDCOM RS900NCSCALANCE XR326-2C PoE WG (without UL)SCALANCE XM408-4C (L3 int.)RUGGEDCOM RS416Pv2 V5.XRUGGEDCOM RMC30NCSCALANCE XR526-8C, 2x230VSCALANCE XB206-2 (SC)SCALANCE XC206-2SFPRUGGEDCOM RS900 (32M) V5.XRUGGEDCOM M2100NCRUGGEDCOM RSG2100P (32M) V5.X
CWE ID-CWE-1188
Initialization of a Resource with an Insecure Default
CWE ID-CWE-665
Improper Initialization
CVE-2025-31930
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.15% / 34.77%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 09:38
Updated-13 May, 2025 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in IEC 1Ph 7.4kW Child socket (8EM1310-2EH04-0GA0) (All versions < V2.135), IEC 1Ph 7.4kW Child socket/ shutter (8EM1310-2EN04-0GA0) (All versions < V2.135), IEC 1Ph 7.4kW Parent cable 7m (8EM1310-2EJ04-3GA1) (All versions < V2.135), IEC 1Ph 7.4kW Parent cable 7m incl. SIM (8EM1310-2EJ04-3GA2) (All versions < V2.135), IEC 1Ph 7.4kW Parent socket (8EM1310-2EH04-3GA1) (All versions < V2.135), IEC 1Ph 7.4kW Parent socket incl. SIM (8EM1310-2EH04-3GA2) (All versions < V2.135), IEC 1Ph 7.4kW Parent socket/ shutter (8EM1310-2EN04-3GA1) (All versions < V2.135), IEC 1Ph 7.4kW Parent socket/ shutter SIM (8EM1310-2EN04-3GA2) (All versions < V2.135), IEC 3Ph 22kW Child cable 7m (8EM1310-3EJ04-0GA0) (All versions < V2.135), IEC 3Ph 22kW Child socket (8EM1310-3EH04-0GA0) (All versions < V2.135), IEC 3Ph 22kW Child socket/ shutter (8EM1310-3EN04-0GA0) (All versions < V2.135), IEC 3Ph 22kW Parent cable 7m (8EM1310-3EJ04-3GA1) (All versions < V2.135), IEC 3Ph 22kW Parent cable 7m incl. SIM (8EM1310-3EJ04-3GA2) (All versions < V2.135), IEC 3Ph 22kW Parent socket (8EM1310-3EH04-3GA1) (All versions < V2.135), IEC 3Ph 22kW Parent socket incl. SIM (8EM1310-3EH04-3GA2) (All versions < V2.135), IEC 3Ph 22kW Parent socket/ shutter (8EM1310-3EN04-3GA1) (All versions < V2.135), IEC 3Ph 22kW Parent socket/ shutter SIM (8EM1310-3EN04-3GA2) (All versions < V2.135), IEC ERK 3Ph 22 kW Child cable 7m (8EM1310-3FJ04-0GA0) (All versions < V2.135), IEC ERK 3Ph 22 kW Child cable 7m (8EM1310-3FJ04-0GA1) (All versions < V2.135), IEC ERK 3Ph 22 kW Child cable 7m (8EM1310-3FJ04-0GA2) (All versions < V2.135), IEC ERK 3Ph 22 kW Child socket (8EM1310-3FH04-0GA0) (All versions < V2.135), IEC ERK 3Ph 22 kW Parent socket (8EM1310-3FH04-3GA1) (All versions < V2.135), IEC ERK 3Ph 22 kW Parent socket incl. SI (8EM1310-3FH04-3GA2) (All versions < V2.135), UL Commercial Cellular 48A NTEP (8EM1310-5HF14-1GA2) (All versions < V2.135), UL Commercial Child 40A w/ 15118 HW (8EM1310-4CF14-0GA0) (All versions < V2.135), UL Commercial Child 48A BA Compliant (8EM1315-5CG14-0GA0) (All versions < V2.135), UL Commercial Child 48A w/ 15118 HW (8EM1310-5CF14-0GA0) (All versions < V2.135), UL Commercial Parent 40A with Simcard (8EM1310-4CF14-1GA2) (All versions < V2.135), UL Commercial Parent 48A (USPS) (8EM1317-5CG14-1GA2) (All versions < V2.135), UL Commercial Parent 48A BA Compliant (8EM1315-5CG14-1GA2) (All versions < V2.135), UL Commercial Parent 48A with Simcard BA (8EM1310-5CF14-1GA2) (All versions < V2.135), UL Commercial Parent 48A, 15118, 25ft (8EM1310-5CG14-1GA1) (All versions < V2.135), UL Commercial Parent 48A, 15118, 25ft (8EM1314-5CG14-2FA2) (All versions < V2.135), UL Commercial Parent 48A, 15118, 25ft (8EM1315-5HG14-1GA2) (All versions < V2.135), UL Commercial Parent 48A,15118 25ft Sim (8EM1310-5CG14-1GA2) (All versions < V2.135), VersiCharge Blue™ 80A AC Cellular (8EM1315-7BG16-1FH2) (All versions < V2.135). Affected devices contain Modbus service enabled by default. This could allow an attacker connected to the same network to remotely control the EV charger.

Action-Not Available
Vendor-Siemens AG
Product-IEC 3Ph 22kW Child socket/ shutterIEC 1Ph 7.4kW Parent socket incl. SIMUL Commercial Parent 48A (USPS)UL Commercial Child 40A w/ 15118 HWIEC 1Ph 7.4kW Child socket/ shutterIEC 1Ph 7.4kW Parent cable 7m incl. SIMIEC ERK 3Ph 22 kW Parent socket incl. SIUL Commercial Parent 48A BA CompliantIEC 1Ph 7.4kW Parent socket/ shutterIEC 3Ph 22kW Parent socket incl. SIMVersiCharge Blue™ 80A AC CellularUL Commercial Child 48A w/ 15118 HWUL Commercial Parent 40A with SimcardIEC 3Ph 22kW Parent cable 7m incl. SIMIEC ERK 3Ph 22 kW Child cable 7mUL Commercial Parent 48A,15118 25ft SimUL Commercial Parent 48A, 15118, 25ftIEC ERK 3Ph 22 kW Child socketIEC 1Ph 7.4kW Parent socket/ shutter SIMIEC 3Ph 22kW Parent cable 7mUL Commercial Child 48A BA CompliantIEC 3Ph 22kW Parent socket/ shutterUL Commercial Cellular 48A NTEPIEC 3Ph 22kW Child cable 7mIEC 1Ph 7.4kW Parent cable 7mIEC 3Ph 22kW Parent socket/ shutter SIMIEC 3Ph 22kW Parent socketIEC ERK 3Ph 22 kW Parent socketUL Commercial Parent 48A with Simcard BAIEC 1Ph 7.4kW Parent socketIEC 3Ph 22kW Child socketIEC 1Ph 7.4kW Child socket
CWE ID-CWE-1188
Initialization of a Resource with an Insecure Default
CVE-2018-17906
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.8||HIGH
EPSS-0.43% / 62.65%
||
7 Day CHG~0.00%
Published-19 Nov, 2018 | 20:00
Updated-05 Aug, 2024 | 11:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Philips iSite and IntelliSpace PACS, iSite PACS, all versions, and IntelliSpace PACS, all versions. Default credentials and no authentication within third party software may allow an attacker to compromise a component of the system.

Action-Not Available
Vendor-n/aPhilips
Product-intellispace_pacsisite_pacsPhilips iSite and IntelliSpace PACS
CWE ID-CWE-521
Weak Password Requirements
CWE ID-CWE-1188
Initialization of a Resource with an Insecure Default
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-2617
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 18.95%
||
7 Day CHG~0.00%
Published-17 Feb, 2026 | 15:32
Updated-23 Feb, 2026 | 10:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Beetel 777VR1 Telnet Service/SSH Service insecure default initialization of resource

A vulnerability was found in Beetel 777VR1 up to 01.00.09. This affects an unknown function of the component Telnet Service/SSH Service. The manipulation results in insecure default initialization of resource. The attack can only be performed from the local network. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-beetelBeetel
Product-777vr1_firmware777vr1777VR1
CWE ID-CWE-1188
Initialization of a Resource with an Insecure Default
Details not found