Summary
Bender is publishing this advisory to inform customers about a security vulnerability in the Charge Controller product families. Bender has analyzed the weakness and determined that the electrical safety of the devices is not affected. Bender considers the weakness to be high risk; it should be patched immediately.
Impact
The vulnerability allows an authenticated user with lower privileges to obtain credentials stored on the charge controller, including the manufacturer password.
Affected Product(s)
| Model no. | Product name | Affected versions |
|---|---|---|
| | CC612 | Firmware 5.30.2<5.33.3 |
| | CC613 | Firmware 5.30.2<5.33.3 |
| | ICC13xx | Firmware 5.30.2<5.33.3 |
| | ICC16xx | Firmware 5.30.2<5.33.3 |
Vulnerabilities
An authenticated, low-privileged attacker can obtain credentials stored on the charge controller, including the manufacturer password.
Remediation
To prevent an authenticated user from obtaining stored credentials, install version 5.33.3 or later.
Acknowledgments
Bender GmbH & Co. KG thanks the following parties for their efforts:
- CERT@VDE for coordination (see https://certvde.com)
- Dr. Matthias Kesenheimer and Sebastian Hamann from SySS GmbH for reporting (see https://www.syss.de)
Revision History
Version | Date | Summary |
---|---|---|
1 | 09/08/2025 09:00 | initial version |