Bender Charge Controller Vulnerability

VDE-2025-084

Last update

08.09.2025 09:00

Published at

08.09.2025 09:00

Vendor(s)

Bender GmbH & Co. KG

External ID

VDE-2025-084

CSAF Document

Download

Summary

Bender is publishing this advisory to inform customers about a security vulnerability in the Charge Controller product families. Bender has analyzed the weakness and determined that the electrical safety of the devices is not affected. Bender considers the weakness to be of high risk and it should be patched immediately.

Impact

Due to an unsecure default configuration HTTP is used instead of HTTPS for the web interface.

Affected Product(s)

Model no.	Product name	Affected versions
	CC612	Firmware vers:all/*
	CC613	Firmware vers:all/*
	ICC13xx	Firmware vers:all/*
	ICC15xx	Firmware vers:all/*
	ICC16xx	Firmware vers:all/*

Vulnerabilities

Expand / Collapse all

Published

22.09.2025 14:57

Severity

7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Weakness

Cleartext Transmission of Sensitive Information (CWE-319)

Summary

Due to an unsecure default configuration HTTP is used instead of HTTPS for the web interface. An unauthenticated attacker on the same network could exploit this to learn sensitive data during transmission.

References

cve.org | nvd.nist.gov

Mitigation

To use HTTPS on the web interface, enable it in the settings.

Revision History

Version	Date	Summary
1	08.09.2025 09:00	initial version

Bender Charge Controller Vulnerability - Unsecure Communication

Summary

Impact

Affected Product(s)

Vulnerabilities

CVE-2025-41708 7.4

Mitigation

Revision History