Search criteria
4 vulnerabilities found for cc612 by bender
CVE-2025-41708 (GCVE-0-2025-41708)
Vulnerability from cvelistv5 – Published: 2025-09-08 06:38 – Updated: 2025-09-08 18:04
VLAI?
Summary
Due to an unsecure default configuration HTTP is used instead of HTTPS for the web interface. An unauthenticated attacker on the same network could exploit this to learn sensitive data during transmission.
Severity ?
7.4 (High)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
Credits
Dr. Matthias Kesenheimer by SySS GmbH
Sebastian Hamann by SySS GmbH
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41708",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-08T18:03:02.845880Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-08T18:04:06.675Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CC612",
"vendor": "Bender",
"versions": [
{
"lessThanOrEqual": "all versions",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CC613",
"vendor": "Bender",
"versions": [
{
"lessThanOrEqual": "all versions",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICC15xx",
"vendor": "Bender",
"versions": [
{
"lessThanOrEqual": "all versions",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICC16xx",
"vendor": "Bender",
"versions": [
{
"lessThanOrEqual": "all versions",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICC13xx",
"vendor": "Bender",
"versions": [
{
"lessThanOrEqual": "all versions",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Dr. Matthias Kesenheimer by SySS GmbH"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sebastian Hamann by SySS GmbH"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Due to an unsecure default configuration HTTP is used instead of HTTPS for the web interface. An unauthenticated attacker on the same network could exploit this to learn sensitive data during transmission.\u003cbr\u003e"
}
],
"value": "Due to an unsecure default configuration HTTP is used instead of HTTPS for the web interface. An unauthenticated attacker on the same network could exploit this to learn sensitive data during transmission."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-08T06:38:50.386Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-084"
}
],
"source": {
"advisory": "VDE-2025-084",
"defect": [
"CERT@VDE#641854"
],
"discovery": "UNKNOWN"
},
"title": "Cleartext Transmission of Sensitive Data via Insecure HTTP Web Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41708",
"datePublished": "2025-09-08T06:38:50.386Z",
"dateReserved": "2025-04-16T11:17:48.311Z",
"dateUpdated": "2025-09-08T18:04:06.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41682 (GCVE-0-2025-41682)
Vulnerability from cvelistv5 – Published: 2025-09-08 06:38 – Updated: 2025-09-08 18:04
VLAI?
Summary
An authenticated, low-privileged attacker can obtain credentials stored on the charge controller including the manufacturer password.
Severity ?
8.8 (High)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
Impacted products
Credits
Dr. Matthias Kesenheimer by SySS GmbH
Sebastian Hamann by SySS GmbH
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41682",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-08T18:04:27.258671Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-08T18:04:43.038Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CC612",
"vendor": "Bender",
"versions": [
{
"lessThan": "5.33.3",
"status": "affected",
"version": "5.30.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CC613",
"vendor": "Bender",
"versions": [
{
"lessThan": "5.33.3",
"status": "affected",
"version": "5.30.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICC16xx",
"vendor": "Bender",
"versions": [
{
"lessThan": "5.33.3",
"status": "affected",
"version": "5.30.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICC13xx",
"vendor": "Bender",
"versions": [
{
"lessThan": "5.33.3",
"status": "affected",
"version": "5.30.2",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Dr. Matthias Kesenheimer by SySS GmbH"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sebastian Hamann by SySS GmbH"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authenticated, low-privileged attacker can obtain credentials stored on the charge controller including the manufacturer password.\u003cbr\u003e"
}
],
"value": "An authenticated, low-privileged attacker can obtain credentials stored on the charge controller including the manufacturer password."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-08T06:38:31.579Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-061"
}
],
"source": {
"advisory": "VDE-2025-061",
"defect": [
"CERT@VDE#641819"
],
"discovery": "UNKNOWN"
},
"title": "Credential Disclosure via Insecure Storage on Charge Controller",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41682",
"datePublished": "2025-09-08T06:38:31.579Z",
"dateReserved": "2025-04-16T11:17:48.309Z",
"dateUpdated": "2025-09-08T18:04:43.038Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41708 (GCVE-0-2025-41708)
Vulnerability from nvd – Published: 2025-09-08 06:38 – Updated: 2025-09-08 18:04
VLAI?
Summary
Due to an unsecure default configuration HTTP is used instead of HTTPS for the web interface. An unauthenticated attacker on the same network could exploit this to learn sensitive data during transmission.
Severity ?
7.4 (High)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
Credits
Dr. Matthias Kesenheimer by SySS GmbH
Sebastian Hamann by SySS GmbH
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41708",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-08T18:03:02.845880Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-08T18:04:06.675Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CC612",
"vendor": "Bender",
"versions": [
{
"lessThanOrEqual": "all versions",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CC613",
"vendor": "Bender",
"versions": [
{
"lessThanOrEqual": "all versions",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICC15xx",
"vendor": "Bender",
"versions": [
{
"lessThanOrEqual": "all versions",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICC16xx",
"vendor": "Bender",
"versions": [
{
"lessThanOrEqual": "all versions",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICC13xx",
"vendor": "Bender",
"versions": [
{
"lessThanOrEqual": "all versions",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Dr. Matthias Kesenheimer by SySS GmbH"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sebastian Hamann by SySS GmbH"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Due to an unsecure default configuration HTTP is used instead of HTTPS for the web interface. An unauthenticated attacker on the same network could exploit this to learn sensitive data during transmission.\u003cbr\u003e"
}
],
"value": "Due to an unsecure default configuration HTTP is used instead of HTTPS for the web interface. An unauthenticated attacker on the same network could exploit this to learn sensitive data during transmission."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-08T06:38:50.386Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-084"
}
],
"source": {
"advisory": "VDE-2025-084",
"defect": [
"CERT@VDE#641854"
],
"discovery": "UNKNOWN"
},
"title": "Cleartext Transmission of Sensitive Data via Insecure HTTP Web Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41708",
"datePublished": "2025-09-08T06:38:50.386Z",
"dateReserved": "2025-04-16T11:17:48.311Z",
"dateUpdated": "2025-09-08T18:04:06.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41682 (GCVE-0-2025-41682)
Vulnerability from nvd – Published: 2025-09-08 06:38 – Updated: 2025-09-08 18:04
VLAI?
Summary
An authenticated, low-privileged attacker can obtain credentials stored on the charge controller including the manufacturer password.
Severity ?
8.8 (High)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
Impacted products
Credits
Dr. Matthias Kesenheimer by SySS GmbH
Sebastian Hamann by SySS GmbH
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41682",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-08T18:04:27.258671Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-08T18:04:43.038Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CC612",
"vendor": "Bender",
"versions": [
{
"lessThan": "5.33.3",
"status": "affected",
"version": "5.30.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CC613",
"vendor": "Bender",
"versions": [
{
"lessThan": "5.33.3",
"status": "affected",
"version": "5.30.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICC16xx",
"vendor": "Bender",
"versions": [
{
"lessThan": "5.33.3",
"status": "affected",
"version": "5.30.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICC13xx",
"vendor": "Bender",
"versions": [
{
"lessThan": "5.33.3",
"status": "affected",
"version": "5.30.2",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Dr. Matthias Kesenheimer by SySS GmbH"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sebastian Hamann by SySS GmbH"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authenticated, low-privileged attacker can obtain credentials stored on the charge controller including the manufacturer password.\u003cbr\u003e"
}
],
"value": "An authenticated, low-privileged attacker can obtain credentials stored on the charge controller including the manufacturer password."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-08T06:38:31.579Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-061"
}
],
"source": {
"advisory": "VDE-2025-061",
"defect": [
"CERT@VDE#641819"
],
"discovery": "UNKNOWN"
},
"title": "Credential Disclosure via Insecure Storage on Charge Controller",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41682",
"datePublished": "2025-09-08T06:38:31.579Z",
"dateReserved": "2025-04-16T11:17:48.309Z",
"dateUpdated": "2025-09-08T18:04:43.038Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}