Pwn2Own Automotive 2026

At the latest edition of Pwn2Own Automotive, our member Julien Cohen-Scali demonstrated a successful exploitation of the Phoenix Contact CHARX SEC-3150 in the Level 2 Electric Vehicle Chargers category as part of his job at FuzzingLabs! We all congratulate him on this achievement!

Here is a description of the device according to the documentation:
The electronics modules of the charging controllers feature the functions and interfaces required to perform a charging process in a typical AC charging station.
Charging point-specific interfaces and functions
– Interface for vehicle charging connector and infrastructure charging socket with control of locking mechanism and automatic release of the charging connector in the event of voltage failure
– Control of the charging contactor
– Connection option for an RFID reader for user release
– Connection option for a sensor for DC residual current detection
– Connection option for an energy measuring device to record the current charging current and energy values
– Digital inputs with configurable function assignment
– Digital outputs with configurable function assignment
– Temperature measurement via Pt 1000 sensors or PTC chains
An embedded system with Linux operating system is also integrated in the CHARX SEC-3xxx charging controllers. This system is the platform for the higher-level application software used to control the charging processes and to communicate with external systems.

At Pwn2Own, Julien demonstrated a successful exploitation of the device with root privileges, thus controlling the charging infrastructure and potentially compromising the security of the charging station, and maybe, later, that of the vehicles connecting to it. The CHARX SEC-3150 is a critical part of the charging infrastructure, and its security is of utmost importance. We all congratulate Julien on this achievement!