Can you explain this vulnerability to me?

CVE-2025-41682 is a high-risk vulnerability in certain Bender GmbH & Co.KG charge controllers that allows an authenticated attacker with low privileges to extract stored credentials, including the manufacturer password, due to insufficient protection of these credentials. [1]

Useful 0 Not Useful 0

How can this vulnerability impact me? :

This vulnerability can lead to unauthorized access to the charge controller by exposing sensitive credentials, potentially allowing attackers to compromise the device's security and gain control or manipulate its functions, although it does not affect the electrical safety of the device. [1]

Useful 0 Not Useful 0

How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection involves verifying the firmware version of the affected Bender charge controllers (models CC612, CC613, ICC13xx, ICC16xx). If the firmware version is between 5.30.2 and before 5.33.3, the device is vulnerable. Commands to check firmware version depend on the device interface; typically, accessing the device management interface or using vendor-specific tools or commands to query firmware version is required. Specific commands are not provided in the available resources. [1]

Useful 0 Not Useful 0

What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to update the firmware of the affected charge controllers to version 5.33.3 or later, which addresses the vulnerability by protecting stored credentials. Additionally, ensure that only authenticated and authorized users have access to the device to reduce risk. [1]

Useful 0 Not Useful 0