Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for ICC15xx by Bender

    CVE-2025-41708 (GCVE-0-2025-41708)

    Vulnerability from nvd – Published: 2025-09-08 06:38 – Updated: 2025-09-08 18:04
    VLAI
    Title
    Cleartext Transmission of Sensitive Data via Insecure HTTP Web Interface
    Summary
    Due to an unsecure default configuration HTTP is used instead of HTTPS for the web interface. An unauthenticated attacker on the same network could exploit this to learn sensitive data during transmission.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    References
    Impacted products
    Vendor Product Version
    Bender CC612 Affected: 0.0.0 , ≤ all versions (semver)
    Create a notification for this product.
    Bender CC613 Affected: 0.0.0 , ≤ all versions (semver)
    Create a notification for this product.
    Bender ICC15xx Affected: 0.0.0 , ≤ all versions (semver)
    Create a notification for this product.
    Bender ICC16xx Affected: 0.0.0 , ≤ all versions (semver)
    Create a notification for this product.
    Bender ICC13xx Affected: 0.0.0 , ≤ all versions (semver)
    Create a notification for this product.
    Credits
    Dr. Matthias Kesenheimer by SySS GmbH Sebastian Hamann by SySS GmbH
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41708",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-08T18:03:02.845880Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-08T18:04:06.675Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CC612",
              "vendor": "Bender",
              "versions": [
                {
                  "lessThanOrEqual": "all versions",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CC613",
              "vendor": "Bender",
              "versions": [
                {
                  "lessThanOrEqual": "all versions",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICC15xx",
              "vendor": "Bender",
              "versions": [
                {
                  "lessThanOrEqual": "all versions",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICC16xx",
              "vendor": "Bender",
              "versions": [
                {
                  "lessThanOrEqual": "all versions",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICC13xx",
              "vendor": "Bender",
              "versions": [
                {
                  "lessThanOrEqual": "all versions",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Dr. Matthias Kesenheimer by SySS GmbH"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Sebastian Hamann by SySS GmbH"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Due to an unsecure default configuration HTTP is used instead of HTTPS for the web interface. An unauthenticated attacker on the same network could exploit this to learn sensitive data during transmission.\u003cbr\u003e"
                }
              ],
              "value": "Due to an unsecure default configuration HTTP is used instead of HTTPS for the web interface. An unauthenticated attacker on the same network could exploit this to learn sensitive data during transmission."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-08T06:38:50.386Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2025-084"
            }
          ],
          "source": {
            "advisory": "VDE-2025-084",
            "defect": [
              "CERT@VDE#641854"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Cleartext Transmission of Sensitive Data via Insecure HTTP Web Interface",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41708",
        "datePublished": "2025-09-08T06:38:50.386Z",
        "dateReserved": "2025-04-16T11:17:48.311Z",
        "dateUpdated": "2025-09-08T18:04:06.675Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-41708 (GCVE-0-2025-41708)

    Vulnerability from cvelistv5 – Published: 2025-09-08 06:38 – Updated: 2025-09-08 18:04
    VLAI
    Title
    Cleartext Transmission of Sensitive Data via Insecure HTTP Web Interface
    Summary
    Due to an unsecure default configuration HTTP is used instead of HTTPS for the web interface. An unauthenticated attacker on the same network could exploit this to learn sensitive data during transmission.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    References
    Impacted products
    Vendor Product Version
    Bender CC612 Affected: 0.0.0 , ≤ all versions (semver)
    Create a notification for this product.
    Bender CC613 Affected: 0.0.0 , ≤ all versions (semver)
    Create a notification for this product.
    Bender ICC15xx Affected: 0.0.0 , ≤ all versions (semver)
    Create a notification for this product.
    Bender ICC16xx Affected: 0.0.0 , ≤ all versions (semver)
    Create a notification for this product.
    Bender ICC13xx Affected: 0.0.0 , ≤ all versions (semver)
    Create a notification for this product.
    Credits
    Dr. Matthias Kesenheimer by SySS GmbH Sebastian Hamann by SySS GmbH
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41708",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-08T18:03:02.845880Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-08T18:04:06.675Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CC612",
              "vendor": "Bender",
              "versions": [
                {
                  "lessThanOrEqual": "all versions",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CC613",
              "vendor": "Bender",
              "versions": [
                {
                  "lessThanOrEqual": "all versions",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICC15xx",
              "vendor": "Bender",
              "versions": [
                {
                  "lessThanOrEqual": "all versions",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICC16xx",
              "vendor": "Bender",
              "versions": [
                {
                  "lessThanOrEqual": "all versions",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ICC13xx",
              "vendor": "Bender",
              "versions": [
                {
                  "lessThanOrEqual": "all versions",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Dr. Matthias Kesenheimer by SySS GmbH"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Sebastian Hamann by SySS GmbH"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Due to an unsecure default configuration HTTP is used instead of HTTPS for the web interface. An unauthenticated attacker on the same network could exploit this to learn sensitive data during transmission.\u003cbr\u003e"
                }
              ],
              "value": "Due to an unsecure default configuration HTTP is used instead of HTTPS for the web interface. An unauthenticated attacker on the same network could exploit this to learn sensitive data during transmission."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-08T06:38:50.386Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2025-084"
            }
          ],
          "source": {
            "advisory": "VDE-2025-084",
            "defect": [
              "CERT@VDE#641854"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Cleartext Transmission of Sensitive Data via Insecure HTTP Web Interface",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41708",
        "datePublished": "2025-09-08T06:38:50.386Z",
        "dateReserved": "2025-04-16T11:17:48.311Z",
        "dateUpdated": "2025-09-08T18:04:06.675Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }