PT-2025-36445 · Unknown · Bender Charge Controller Icc15Xx+4
Dr. Matthias Kesenheimer
+1
·
Published
2025-09-08
·
Updated
2025-09-13
·
CVE-2025-41708
CVSS v3.1
7.4
High
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions:
Bender Charge Controller product families (including CC612, CC613, ICC13xx, ICC15xx, ICC16xx)
Description:
The web interface uses HTTP instead of HTTPS due to an insecure default configuration. An unauthenticated attacker on the same network could exploit this to learn sensitive data during transmission.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Cleartext Transmission of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Bender Charge Controller Cc612
Bender Charge Controller Cc613
Bender Charge Controller Icc13Xx
Bender Charge Controller Icc15Xx
Bender Charge Controller Icc16Xx