Search
Find a vulnerability
Search criteria
2 vulnerabilities found for icc15xx by bender
CVE-2025-41708 (GCVE-0-2025-41708)
Vulnerability from nvd – Published: 2025-09-08 06:38 – Updated: 2025-09-08 18:04
VLAI
EPSS
VEX
Title
Cleartext Transmission of Sensitive Data via Insecure HTTP Web Interface
Summary
Due to an unsecure default configuration HTTP is used instead of HTTPS for the web interface. An unauthenticated attacker on the same network could exploit this to learn sensitive data during transmission.
Severity
7.4 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
1 reference
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Bender | CC612 |
Affected:
0.0.0 , ≤ all versions
(semver)
|
|
| Bender | CC613 |
Affected:
0.0.0 , ≤ all versions
(semver)
|
|
| Bender | ICC15xx |
Affected:
0.0.0 , ≤ all versions
(semver)
|
|
| Bender | ICC16xx |
Affected:
0.0.0 , ≤ all versions
(semver)
|
|
| Bender | ICC13xx |
Affected:
0.0.0 , ≤ all versions
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41708",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-08T18:03:02.845880Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-08T18:04:06.675Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CC612",
"vendor": "Bender",
"versions": [
{
"lessThanOrEqual": "all versions",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CC613",
"vendor": "Bender",
"versions": [
{
"lessThanOrEqual": "all versions",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICC15xx",
"vendor": "Bender",
"versions": [
{
"lessThanOrEqual": "all versions",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICC16xx",
"vendor": "Bender",
"versions": [
{
"lessThanOrEqual": "all versions",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICC13xx",
"vendor": "Bender",
"versions": [
{
"lessThanOrEqual": "all versions",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Dr. Matthias Kesenheimer by SySS GmbH"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sebastian Hamann by SySS GmbH"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Due to an unsecure default configuration HTTP is used instead of HTTPS for the web interface. An unauthenticated attacker on the same network could exploit this to learn sensitive data during transmission.\u003cbr\u003e"
}
],
"value": "Due to an unsecure default configuration HTTP is used instead of HTTPS for the web interface. An unauthenticated attacker on the same network could exploit this to learn sensitive data during transmission."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-08T06:38:50.386Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-084"
}
],
"source": {
"advisory": "VDE-2025-084",
"defect": [
"CERT@VDE#641854"
],
"discovery": "UNKNOWN"
},
"title": "Cleartext Transmission of Sensitive Data via Insecure HTTP Web Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41708",
"datePublished": "2025-09-08T06:38:50.386Z",
"dateReserved": "2025-04-16T11:17:48.311Z",
"dateUpdated": "2025-09-08T18:04:06.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41708 (GCVE-0-2025-41708)
Vulnerability from cvelistv5 – Published: 2025-09-08 06:38 – Updated: 2025-09-08 18:04
VLAI
EPSS
VEX
Title
Cleartext Transmission of Sensitive Data via Insecure HTTP Web Interface
Summary
Due to an unsecure default configuration HTTP is used instead of HTTPS for the web interface. An unauthenticated attacker on the same network could exploit this to learn sensitive data during transmission.
Severity
7.4 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
1 reference
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Bender | CC612 |
Affected:
0.0.0 , ≤ all versions
(semver)
|
|
| Bender | CC613 |
Affected:
0.0.0 , ≤ all versions
(semver)
|
|
| Bender | ICC15xx |
Affected:
0.0.0 , ≤ all versions
(semver)
|
|
| Bender | ICC16xx |
Affected:
0.0.0 , ≤ all versions
(semver)
|
|
| Bender | ICC13xx |
Affected:
0.0.0 , ≤ all versions
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41708",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-08T18:03:02.845880Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-08T18:04:06.675Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CC612",
"vendor": "Bender",
"versions": [
{
"lessThanOrEqual": "all versions",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CC613",
"vendor": "Bender",
"versions": [
{
"lessThanOrEqual": "all versions",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICC15xx",
"vendor": "Bender",
"versions": [
{
"lessThanOrEqual": "all versions",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICC16xx",
"vendor": "Bender",
"versions": [
{
"lessThanOrEqual": "all versions",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICC13xx",
"vendor": "Bender",
"versions": [
{
"lessThanOrEqual": "all versions",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Dr. Matthias Kesenheimer by SySS GmbH"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sebastian Hamann by SySS GmbH"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Due to an unsecure default configuration HTTP is used instead of HTTPS for the web interface. An unauthenticated attacker on the same network could exploit this to learn sensitive data during transmission.\u003cbr\u003e"
}
],
"value": "Due to an unsecure default configuration HTTP is used instead of HTTPS for the web interface. An unauthenticated attacker on the same network could exploit this to learn sensitive data during transmission."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-08T06:38:50.386Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-084"
}
],
"source": {
"advisory": "VDE-2025-084",
"defect": [
"CERT@VDE#641854"
],
"discovery": "UNKNOWN"
},
"title": "Cleartext Transmission of Sensitive Data via Insecure HTTP Web Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41708",
"datePublished": "2025-09-08T06:38:50.386Z",
"dateReserved": "2025-04-16T11:17:48.311Z",
"dateUpdated": "2025-09-08T18:04:06.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}