CVE Alert: CVE-2025-41682 – Bender – CC612
CVE-2025-41682
An authenticated, low-privileged attacker can obtain credentials stored on the charge controller including the manufacturer password.
AI Summary Analysis
Risk verdict
High risk: an authenticated, low-privileged attacker can read credentials stored on network-connected charge controllers, with potential for broader compromise.
Why this matters
Credentials including the manufacturer password are exposed, enabling access to management interfaces and other linked systems. This can lead to configuration changes, lateral movement, data exfiltration, and operational downtime across automated energy/industrial deployments.
Most likely attack path
An attacker needs network access to the device and a low-privileged authenticated session. No user interaction is required, so authenticated access alone is enough to read the stored credentials. Compromised credentials can then be used to access other controllers or management surfaces within the same network, facilitating wider disruption or theft.
Who is most exposed
Industries relying on charge controllers in industrial automation or energy management, especially where devices sit on local networks or are exposed to remote maintenance interfaces, are most at risk.
Detection ideas
- Unusual successful reads of credential data from device storage.
- Repeated authentication attempts to device management interfaces from unusual hosts.
- Access logs showing credential material being exported or dumped.
- Anomalous configuration or firmware access shortly after credential access events.
- Correlated spikes in lateral movement attempts targeting similar devices.
Mitigation and prioritisation
- Update to the vendor's patched version, 5.33.3 or newer; verify remediation guidance and firmware availability.
- Restrict network access to management interfaces (network segmentation, allowlists, VPN-only access).
- Rotate or disable exposed manufacturer credentials if supported; enforce per-device unique credentials.
- Improve credential storage security on devices (minimise plaintext storage, enable encryption where feasible).
- Implement change management and monitoring for credential access events; review KEV/EPSS signals when available and escalate if indicated. If the CVE is listed in KEV or its EPSS score is ≥ 0.5, treat as priority 1.
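One way to apply the patch and prioritisation bullets above to a device inventory, added here as an example and not part of the original alert or any vendor tooling. The hostnames, the dotted-numeric version format and the "routine" label for findings that are not priority 1 are assumptions; KEV and EPSS values are supplied by the caller.

```python
import re

FIXED_VERSION = (5, 33, 3)  # fixed version named in the alert
EPSS_THRESHOLD = 0.5        # escalation threshold named in the alert

# Constructed sample inventory: (hostname, reported version string).
SAMPLE_INVENTORY = [
    ("cc612-01.example", "5.32.9"),
    ("cc612-02.example", "5.9.1"),    # sorts *after* 5.33.3 as a string
    ("cc612-03.example", "5.33.3"),
    ("cc612-04.example", "v5.34.0"),
    ("cc612-05.example", ""),         # version could not be collected
]


def parse_version(text):
    """Return the version as an int tuple, or None if it is not dotted-numeric."""
    m = re.fullmatch(r"[vV]?(\d+(?:\.\d+)*)", (text or "").strip())
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (len(FIXED_VERSION) - len(parts))  # "5.33" -> 5.33.0
    return tuple(parts)


def needs_patch(version_text):
    """Fail closed: unknown or unparsable versions count as unpatched."""
    version = parse_version(version_text)
    return version is None or version < FIXED_VERSION


def is_priority_one(kev_listed, epss):
    """The alert's rule: KEV listing or EPSS >= 0.5 means priority 1."""
    return bool(kev_listed) or (epss is not None and epss >= EPSS_THRESHOLD)


def triage(inventory, kev_listed, epss):
    """List (host, version, urgency) for every device not confirmed fixed."""
    # "routine" is an assumed label; the alert only defines priority 1.
    urgency = "priority 1" if is_priority_one(kev_listed, epss) else "routine"
    return [(host, ver or "unknown", urgency)
            for host, ver in inventory if needs_patch(ver)]


if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY, kev_listed=False, epss=0.1):
        print(*row, sep="\t")
```

Versions are compared as integer tuples because a plain string comparison would rank 5.9.1 above 5.33.3 and miss that device.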