
Bender Charge Controller Vulnerability - Disclosure Of Stored Credentials When Authenticated

VDE-2025-061

Last update: 09/08/2025 09:00
Published at: 09/08/2025 09:00
Vendor(s): Bender GmbH & Co. KG
External ID: VDE-2025-061

Summary

Bender is publishing this advisory to inform customers about a security vulnerability in the Charge Controller product families. Bender has analyzed the weakness and determined that the electrical safety of the devices is not affected. Bender considers the weakness to be high risk; it should be patched immediately.

Impact

The vulnerability allows an authenticated user with lower privileges to obtain credentials stored on the charge controller, including the manufacturer password.

Affected Product(s)

Model no. Product name Affected versions
CC612 Firmware 5.30.2<5.33.3
CC613 Firmware 5.30.2<5.33.3
ICC13xx Firmware 5.30.2<5.33.3
ICC16xx Firmware 5.30.2<5.33.3

Vulnerabilities


Published: 09/22/2025 14:57
Weakness: Insufficiently Protected Credentials (CWE-522)
Summary

An authenticated, low-privileged attacker can obtain credentials stored on the charge controller, including the manufacturer password.

Remediation

To prevent an authenticated user from obtaining stored credentials, install version 5.33.3 or later.

Revision History

Version Date Summary
1 09/08/2025 09:00 initial version