CVE-2025-48417 Hard-Coded Certificate and Private Key for HTTPS Web Interface in eCharge Hardy Barth cPH2 / cPP2 charging stations

May 21, 2025 invoker category_cve

CVE Details

Basic Information

Title CVE-2025-48417 Hard-Coded Certificate and Private Key for HTTPS Web Interface in eCharge Hardy Barth cPH2 / cPP2 charging stations
Type cve
Published 2025-05-21T12:30:08
Last Seen 2025-05-21T12:44:34

CVSS Information

Base Score 0.0 ()
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact

AI Analysis

AI Description The vulnerability involves hard-coded certificates and private keys in the firmware of eCharge Hardy Barth cPH2 / cPP2 charging stations. This allows an attacker to intercept and decrypt HTTPS traffic to the web interface, potentially compromising sensitive data.
AI Severity High
Vendor Hardy Barth
Product eCharge cPH2 / cPP2 charging stations
Affected Version

Additional Information

CVE List CVE-2025-48417
CWE List CWE-321
Bulletin Family cve

Description

The certificate and private key used for providing transport layer security for connections to the web interface (TCP port 443) is hard-coded in the firmware and are shipped with the update files. An attacker can use…

CVSS Score Summary

Base Score: %!f(string=#) ()

View Full CVE Details

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.