General

1. Reporting vulnerabilities

To report a security vulnerability, use the contact info provided at:

• (EN) https://www.bender.de/en/cert
• (DE) https://www.bender.de/cert

2. Helpful resources

• (Germany) BSI homepage
• (Germany) BSI: Empfehlung für IT-Hersteller zur Handhabung von Schwachstellen
• (USA) NSA: Cybersecurity Advisories & Guidance

3. Password management

One of the RFID cards supplied can be specified as the master card when changing the password under System > Password.
This card can be used to reset the charging station to factory settings if access is no longer possible.
Label and store this card securely to prevent unauthorized use.

4. Security-related settings to check

These are important settings and features you should review on every Charge Controller before going live. They help protect the device, your network, and your users.

Category	Setting	Recommended or Default	Why it matters
Network	WAN Router	Off	Routing to a mobile network may expose private traffic.
	SMTP connection security	Use TLS or STARTTLS	Unencrypted email can expose credentials.
Backend	OCPP Backend URL	Should start with wss://	Plain WebSocket (ws://) is insecure and may leak data.
	OCPP cipher strictness	Only secure ciphers (TLS1.2+)	Prevents use of outdated encryption algorithms.
	Basic Auth password	Avoid unless over wss://	Never use basic auth over an unencrypted connection.
	SSL strictness (as client)	Full validation	Helps prevent impersonation of the backend.
Authorization	Free Charging	Off	Anyone could start charging without control.
	Secure RFID enforcement	On	Regular RFID cards can be copied. Secure types are better.
	Autocharge	Off	MAC-based charging can be spoofed.
	ISO 15118 cipher strictness	Standard	Ensures only safe TLS ciphers are used.
Load Management	Modbus TCP Server	Off	Modbus is not encrypted — use only in protected networks.
	SEMP interface	Off	Also insecure — avoid unless absolutely needed.
	DLM Master/Slave (hierarchical)	Off	Should be used only in trusted network environments.
	ASKI over OCPP-S	Off	OCPP-S is outdated and insecure.
System	Log level	INFO or WARN	Logging too much (e.g. DEBUG) might leak sensitive info.
	HTTPS for web interface	On	Using HTTP might expose passwords and settings.
	Certificate setup	Proper CA installed	Devices need trusted certificates to avoid impersonation risks.
	USB script execution	Off	Arbitrary scripts could damage or hijack the device.
Config UI	Web Interface	2.0 only	Web UI 1.0 uses weak authentication and is being phased out.
Manufacturer	OCPP meter IP	Should not use Modbus TCP	Modbus is easy to spoof; use authenticated meter protocols.
	SSH access	Off by default	Reduces risk of attacks via default manufacturer credentials.
	Tamper detection sensor	On	Helps detect physical manipulation attempts.
	Signed software updates	On	Prevents untrusted software from being installed.
	Manufacturer password	Unique per device	Shared or guessable passwords are a huge security risk.
	Password change enforcement	On	Prompts users to replace insecure default credentials.
	Strong password enforcement	On	Prevents easy-to-guess passwords (e.g. "1234" or "admin").
	Enable diagnostic reports	Off	Only enable if needed — may contain private data.

5. Intentionally open ports

Knowing which ports are open and for what purpose and for which protocols can help in several ways:

• It helps to understand the communication between the Charge Controller and other devices
• It can be used to configure firewalls and additional security measures

info

This info applies to firmware version >= 5.x

Purpose	Ports	Info
HTTP communication	80, 81, 82, 443, 444, 445	To enable universal access to the web server of an OCPP Master Charge Controller via the OCPP Slave Charge Controller, port 81 is accessible and will forward to port 80 on the Master Charge Controller from a Slave Charge Controller or to port 80 on the Master Charge Controller itself. To enable universal access to the web server of an OCPP Slave Charge Controller via the OCPP Master Charge Controller (for instance, via through GSM), port 82 is accessible and will forward to port 80 on the Slave Charge Controller from a Master Charge Controller or to port 80 on itself on the Slave Charge Controller. Starting with firmware v5.29.x the local web server supports HTTPS. If enabled, the ports 443, 444 and 445 are occupied following the same pattern
SSH communication	22, 23, 24	To enable universal access to the SSH server of an OCPP Master Charge Controller via the OCPP Slave Charge Controller, port 23 is accessible and will forward to port 22 on the Master Charge Controller from a Slave Charge Controller or to port 22 on the Master Charge Controller itself. To enable universal access to the web server of an OCPP Slave Charge Controller via the OCPP Master Charge Controller (for instance, through GSM), port 24 is accessible and will forward to port 22 on the Slave Charge Controller from a Master Charge Controller or to port 22 on the Slave Charge Controller itself
WAN forwarding	53
OCPP-S	8090 (configurable)	The incoming connections on this port can optionally be protected by TLS or by only allowing a configurable whitelist of IP addresses to connect. Without such protection OCPP-S can be deemed non-secured and the network needs to provide the necessary security from malicious outside connections. OCPP-S has been discountinued since v5.32 and above.
OCPP and DLM Master	1600, 1601	To allow for OCPP or DLM communication, the Charge Controller opens the TCP ports 1600 and 1601 and accepts TLS encrypted incoming connections from Slave Charge Controllers
Modbus TCP Slave	502 (configurable)	The Charge Controller allows to configure Modbus TCP as a protocol to interact with energy management systems. The port for this purpose is 502 by default. It is configurable. Modbus TCP is generally not TLS encrypted and also not protected via a password. Because of this security needs to be achieved by securing the network itself
SEMP and UPnP broadcasting	8888	The Charge Controller allows the SMA Energy management protocol (SEMP) to be configured for use with SMA energy managers. The SEMP protocol is mainly based on HTTP communication via port 8888. For device detection UpnP is used which is based on UDP broadcasts. Like in modbus there is no security via TLS or password protection and hence the network needs to be secured
EEBUS and MDNS	4711	EEBUS is a communication protocol for energy managers that is supported by the Charge Controller. TCP connections are established by both the Charge Controller and the energy manager. For the latter the Charge Controller listens on Port 4711. Device discovery is done through MDNS broadcasting. EEBUS makes deliberate use of TLS and both client and server certificates, thus making it significantly more secure than Modbus TCP and SEMP for energy management purposes
ISO 15118	15118, 15119, 15120	Some variants of the Charge Controller support communication with the vehicle through ISO 15118. The communication is established by the vehicle while the Charge Controller acts as a limited TCP server. Limited: Only PLC and only IPv6 as specified by ISO 15118. The port 15118 is used by the car for sending and by the Charge Controller for receiving broadcasts for device discovery. Afterwards the Charge Controller communicates through the TCP ports 15119 and 15120 without and with TLS encryption depending on the configuration and available certificates