{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-41708", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "dateReserved": "2025-04-16T11:17:48.311Z", "datePublished": "2025-09-08T06:38:50.386Z", "dateUpdated": "2025-09-08T18:04:06.675Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "CC612", "vendor": "Bender", "versions": [{"lessThanOrEqual": "all versions", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "CC613", "vendor": "Bender", "versions": [{"lessThanOrEqual": "all versions", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "ICC15xx", "vendor": "Bender", "versions": [{"lessThanOrEqual": "all versions", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "ICC16xx", "vendor": "Bender", "versions": [{"lessThanOrEqual": "all versions", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "ICC13xx", "vendor": "Bender", "versions": [{"lessThanOrEqual": "all versions", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Dr. Matthias Kesenheimer by SySS GmbH"}, {"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Sebastian Hamann by SySS GmbH"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Due to an unsecure default configuration HTTP is used instead of HTTPS for the web interface. An unauthenticated attacker on the same network could exploit this to learn sensitive data during transmission.<br>"}], "value": "Due to an unsecure default configuration HTTP is used instead of HTTPS for the web interface. An unauthenticated attacker on the same network could exploit this to learn sensitive data during transmission."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-319", "description": "CWE-319 Cleartext Transmission of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2025-09-08T06:38:50.386Z"}, "references": [{"url": "https://certvde.com/de/advisories/VDE-2025-084"}], "source": {"advisory": "VDE-2025-084", "defect": ["CERT@VDE#641854"], "discovery": "UNKNOWN"}, "title": "Cleartext Transmission of Sensitive Data via Insecure HTTP Web Interface", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-08T18:03:02.845880Z", "id": "CVE-2025-41708", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-08T18:04:06.675Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-41708", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-09-08T18:03:02.845880Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-08T18:03:10.228Z"}}], "cna": {"title": "Cleartext Transmission of Sensitive Data via Insecure HTTP Web Interface", "source": {"defect": ["CERT@VDE#641854"], "advisory": "VDE-2025-084", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Dr. Matthias Kesenheimer by SySS GmbH"}, {"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Sebastian Hamann by SySS GmbH"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Bender", "product": "CC612", "versions": [{"status": "affected", "version": "0.0.0", "versionType": "semver", "lessThanOrEqual": "all versions"}], "defaultStatus": "unaffected"}, {"vendor": "Bender", "product": "CC613", "versions": [{"status": "affected", "version": "0.0.0", "versionType": "semver", "lessThanOrEqual": "all versions"}], "defaultStatus": "unaffected"}, {"vendor": "Bender", "product": "ICC15xx", "versions": [{"status": "affected", "version": "0.0.0", "versionType": "semver", "lessThanOrEqual": "all versions"}], "defaultStatus": "unaffected"}, {"vendor": "Bender", "product": "ICC16xx", "versions": [{"status": "affected", "version": "0.0.0", "versionType": "semver", "lessThanOrEqual": "all versions"}], "defaultStatus": "unaffected"}, {"vendor": "Bender", "product": "ICC13xx", "versions": [{"status": "affected", "version": "0.0.0", "versionType": "semver", "lessThanOrEqual": "all versions"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://certvde.com/de/advisories/VDE-2025-084"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Due to an unsecure default configuration HTTP is used instead of HTTPS for the web interface. An unauthenticated attacker on the same network could exploit this to learn sensitive data during transmission.", "supportingMedia": [{"type": "text/html", "value": "Due to an unsecure default configuration HTTP is used instead of HTTPS for the web interface. An unauthenticated attacker on the same network could exploit this to learn sensitive data during transmission.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-319", "description": "CWE-319 Cleartext Transmission of Sensitive Information"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2025-09-08T06:38:50.386Z"}}}, "cveMetadata": {"cveId": "CVE-2025-41708", "state": "PUBLISHED", "dateUpdated": "2025-09-08T18:04:06.675Z", "dateReserved": "2025-04-16T11:17:48.311Z", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "datePublished": "2025-09-08T06:38:50.386Z", "assignerShortName": "CERTVDE"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Due to an unsecure default configuration HTTP is used instead of HTTPS for the web interface. An unauthenticated attacker on the same network could exploit this to learn sensitive data during transmission."}], "id": "CVE-2025-41708", "lastModified": "2025-09-08T16:25:38.810", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.2, "source": "info@cert.vde.com", "type": "Primary"}]}, "published": "2025-09-08T07:15:36.523", "references": [{"source": "info@cert.vde.com", "url": "https://certvde.com/de/advisories/VDE-2025-084"}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "info@cert.vde.com", "type": "Primary"}]}

{}

{"created": "2025-09-15T10:43:30.744926+00:00", "updated": "2025-09-15T10:43:30.744976+00:00", "vendors": ["bender", "bender$PRODUCT$cc612", "bender$PRODUCT$cc613", "bender$PRODUCT$icc13xx", "bender$PRODUCT$icc15xx", "bender$PRODUCT$icc16xx"]}