Compleo Security Advisory on Vulnerabilities in P5-Based Products

Overall Severity: HIGH
Advisory-ID CCS-SA-2026-0001 | Version 1 · final | Current Release 2026-06-22 | Publisher Compleo Charging Solutions GmbH & Co. KG

Overview and general notes

 

Summary

This advisory describes the vulnerabilities CCS-VUL-2026-0001, CCS-VUL-2026-0002, CCS-VUL-2026-0004, and CCS-VUL-2026-0005 in P5-based products. Firmware updates are already available for all vulnerabilities except CCS-VUL-2026-0002; software version 6.18.4, which addresses CCS-VUL-2026-0002, is expected to be released shortly.

Impact

Depending on the attack path, the vulnerabilities described may affect the confidentiality and integrity of device data, configuration data, and access credentials. Some vulnerabilities require physical access to the device electronics; others require network access or authenticated access with high privileges. Successful exploitation may allow, among other things, reading or modifying local storage contents, using a vendor remote service access, or bypassing intended restrictions for SSH keys.

Mitigation

Compleo recommends operating affected devices only in protected networks and restricting network access to required communication relationships. Device management and web interfaces should not be reachable from public or untrusted networks. Operators should install available firmware updates promptly and, in particular, ensure that affected P5 devices are updated to a firmware version that fixes the respective vulnerability.

Remediation

Compleo recommends updating affected P5-based products to the latest available firmware version.

Vulnerability | Affected products / versions | Remediation / recommended version
CCS-VUL-2026-0001: Unencrypted Memory | P5 devices with factory-installed software version up to and including 6.14.3 and installed software version up to and including 6.14.3 | Update to software version 6.15.0 or later
CCS-VUL-2026-0002: Open Recovery Mode | P5 devices with factory-installed software version up to and including 6.15.3 and installed software version up to and including 6.18.3 | Devices factory-installed with software version 6.16.0 or later are not affected; update other affected devices to software version 6.18.4 or later
CCS-VUL-2026-0004: SSH Key Backdoor | P5 devices with factory-installed software version up to and including 6.14.3 and installed software version up to and including 6.14.3 | Update to software version 6.15.0 or later
CCS-VUL-2026-0005: Authenticated SSH Key Injection | P5 devices with installed software version up to and including 6.18.2 | Update to software version 6.18.3 or later

To fully remediate all vulnerabilities described in this advisory, Compleo recommends updating to software version 6.18.4 or later, where this version is available for the respective product.
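
For operators with a mixed fleet, the remediation table above can be applied to an inventory of (factory-installed, installed) version pairs. This is an added example, not vendor code; the device names and the inventory are constructed, and version pairs that fall outside the product groups listed in this advisory are reported as not listed rather than guessed.

```python
# Version bands used by the advisory's product groups: (lowest, highest), None = open-ended.
FACTORY_BANDS = [(None, (6, 14, 3)), ((6, 15, 0), (6, 15, 3)), ((6, 16, 0), None)]
INSTALLED_BANDS = FACTORY_BANDS[:2] + [((6, 16, 0), (6, 18, 2)),
                                       ((6, 18, 3), (6, 18, 3)),
                                       ((6, 18, 4), None)]

# Constructed inventory: (device name, factory-installed version, installed version).
INVENTORY = [("cs-001", "6.12.0", "6.14.3"), ("cs-002", "6.13.1", "6.18.3"),
             ("cs-003", "6.15.2", "6.16.0"), ("cs-004", "6.16.0", "6.18.4"),
             ("cs-005", "6.16.0", "6.15.1")]


def parse(version: str) -> tuple:
    """Turn 'a.b.c' into a comparable tuple of integers."""
    parts = version.strip().split(".")
    if len(parts) != 3 or not all(p.isdecimal() for p in parts):
        raise ValueError(f"not a three-part version: {version!r}")
    return tuple(int(p) for p in parts)


def band(version: str, bands: list):
    """Index of the advisory band containing `version`, or None if it falls in a gap."""
    v = parse(version)
    for idx, (low, high) in enumerate(bands):
        if (low is None or v >= low) and (high is None or v <= high):
            return idx
    return None


def triage(factory: str, installed: str):
    """Map a device to {vulnerability id: fixing version}; None if the pair is not listed."""
    f, i = band(factory, FACTORY_BANDS), band(installed, INSTALLED_BANDS)
    # The advisory lists no group whose installed band is older than its factory band.
    if f is None or i is None or i < f:
        return None
    open_fixes = {}
    if f == 0 and i == 0:                      # factory <= 6.14.3, installed <= 6.14.3
        open_fixes["CCS-VUL-2026-0001"] = "6.15.0"
        open_fixes["CCS-VUL-2026-0004"] = "6.15.0"
    if f <= 1 and i <= 3:                      # factory <= 6.15.3, installed <= 6.18.3
        open_fixes["CCS-VUL-2026-0002"] = "6.18.4"
    if i <= 2:                                 # installed <= 6.18.2
        open_fixes["CCS-VUL-2026-0005"] = "6.18.3"
    return open_fixes


def target_version(open_fixes: dict):
    """Lowest version that closes every open item, or None if nothing is open."""
    return max(open_fixes.values(), key=parse, default=None)


def plan(inventory: list) -> dict:
    """Per device: (sorted open vulnerability ids, update target) or a 'not listed' marker."""
    result = {}
    for device, factory, installed in inventory:
        fixes = triage(factory, installed)
        if fixes is None:
            result[device] = "not listed in advisory"
        else:
            result[device] = (sorted(fixes), target_version(fixes))
    return result


if __name__ == "__main__":
    for device, outcome in plan(INVENTORY).items():
        print(device, outcome)
```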

 

P5 Platform and Factory-Installed Software Version

The P5 platform includes Compleo eTower across all production years, Compleo SOLO from production year 2021, and Compleo DUO from production year 2022. Compleo SOLO was not explicitly named in the original vulnerability report; its affected status results from the vendor’s internal analysis of the shared P5 platform. Software version 6.15.0 or later has been installed on P5 devices at the factory since November 2025. The product model in this advisory distinguishes between the factory-installed software version and the currently installed software version. For CCS-VUL-2026-0001 and CCS-VUL-2026-0004, the relevant factory-installed software threshold is 6.15.0. For CCS-VUL-2026-0002, the relevant factory-installed software threshold is 6.16.0; devices delivered from the factory with software version up to and including 6.15.3 are treated separately from devices delivered with software version 6.16.0 or later. Where this advisory refers to the factory-installed software version up to and including 6.14.3, this means devices that were delivered from the factory with software version 6.14.3 or earlier.

Classification of Physical Access

The affected products are intended for operation in public spaces. Physical access to the outer enclosure is therefore expected during intended operation. Where this advisory lists physical access as an attack prerequisite, this does not mean mere proximity to the device, but unauthorised access to internal electronics, storage media, or service and debug interfaces after opening or tampering with the enclosure, maintenance doors, or service flaps.

General Recommendation

Compleo recommends operating charging infrastructure in protected, segmented networks and avoiding direct reachability from the Internet. Management and service interfaces should be protected by firewalls, access restrictions, and appropriate operational processes. Maintenance doors, service flaps, and enclosure access points to internal electronics should remain closed during regular operation and be secured against unauthorised opening. Operators should disable services that are not required and install available software updates promptly.

Product Description

Compleo eTower, Compleo SOLO, and Compleo DUO are charging stations for electric vehicles. DUO and SOLO are AC charging stations with a charging capacity of up to 22 kW per charging point; eTower is a DC high-power charging station with a charging capacity of up to 200 kW. The products are designed for networked operation and, depending on the configuration, can support backend communication, user authorisation, and billing functions compliant with German calibration law. The variants listed in this advisory are based on the shared P5 platform.

Vulnerabilities

Vulnerability ID | Description | Severity | Affected | Available fix / recommendation
CVE-2026-10790, CCS-VUL-2026-0001 | CCS-VUL-2026-0001: Unencrypted Memory | MEDIUM, CVSS 4.0: 6.8
  • P5 products with factory-installed software version up to and including 6.14.3 and installed software version up to and including 6.14.3.
  • P5 products with factory-installed software version up to and including 6.14.3 and installed software version 6.15.0 up to and including 6.15.3.
  • P5 products with factory-installed software version up to and including 6.14.3 and installed software version 6.16.0 up to and including 6.18.2.
  • P5 products with factory-installed software version up to and including 6.14.3 and installed software version 6.18.3.
  • P5 products with factory-installed software version up to and including 6.14.3 and installed software version 6.18.4 or later.
CVE-2026-10791, CCS-VUL-2026-0002 | CCS-VUL-2026-0002: Open Recovery Mode | MEDIUM, CVSS 4.0: 5.1
  • P5 products with factory-installed software version up to and including 6.14.3 and installed software version up to and including 6.14.3.
  • P5 products with factory-installed software version 6.15.0 up to and including 6.15.3 and installed software version 6.15.0 up to and including 6.15.3.
  • P5 products with factory-installed software version up to and including 6.14.3 and installed software version 6.15.0 up to and including 6.15.3.
  • P5 products with factory-installed software version up to and including 6.14.3 and installed software version 6.16.0 up to and including 6.18.2.
  • P5 products with factory-installed software version up to and including 6.14.3 and installed software version 6.18.3.
  • P5 products with factory-installed software version 6.15.0 up to and including 6.15.3 and installed software version 6.16.0 up to and including 6.18.2.
  • P5 products with factory-installed software version 6.15.0 up to and including 6.15.3 and installed software version 6.18.3.
  • P5 products with factory-installed software version up to and including 6.14.3 and installed software version 6.18.4 or later.
  • P5 products with factory-installed software version 6.15.0 up to and including 6.15.3 and installed software version 6.18.4 or later.
CVE-2026-10793, CCS-VUL-2026-0004 | CCS-VUL-2026-0004: SSH Key Backdoor | HIGH, CVSS 4.0: 8.1
  • P5 products with factory-installed software version up to and including 6.14.3 and installed software version up to and including 6.14.3.
  • P5 products with factory-installed software version up to and including 6.14.3 and installed software version 6.15.0 up to and including 6.15.3.
  • P5 products with factory-installed software version up to and including 6.14.3 and installed software version 6.16.0 up to and including 6.18.2.
  • P5 products with factory-installed software version up to and including 6.14.3 and installed software version 6.18.3.
  • P5 products with factory-installed software version up to and including 6.14.3 and installed software version 6.18.4 or later.
  • P5 products with factory-installed software version 6.15.0 up to and including 6.15.3 and installed software version 6.15.0 up to and including 6.15.3.
  • P5 products with factory-installed software version 6.15.0 up to and including 6.15.3 and installed software version 6.16.0 up to and including 6.18.2.
  • P5 products with factory-installed software version 6.15.0 up to and including 6.15.3 and installed software version 6.18.3.
  • P5 products with factory-installed software version 6.15.0 up to and including 6.15.3 and installed software version 6.18.4 or later.
  • P5 products with factory-installed software version 6.16.0 or later and installed software version 6.16.0 up to and including 6.18.2.
  • P5 products with factory-installed software version 6.16.0 or later and installed software version 6.18.3.
  • P5 products with factory-installed software version 6.16.0 or later and installed software version 6.18.4 or later.
CVE-2026-10794, CCS-VUL-2026-0005 | CCS-VUL-2026-0005: Authenticated SSH Key Injection | HIGH, CVSS 4.0: 8.5
  • P5 products with factory-installed software version up to and including 6.14.3 and installed software version up to and including 6.14.3.
  • P5 products with factory-installed software version 6.15.0 up to and including 6.15.3 and installed software version 6.15.0 up to and including 6.15.3.
  • P5 products with factory-installed software version 6.16.0 or later and installed software version 6.16.0 up to and including 6.18.2.
  • P5 products with factory-installed software version up to and including 6.14.3 and installed software version 6.15.0 up to and including 6.15.3.
  • P5 products with factory-installed software version up to and including 6.14.3 and installed software version 6.16.0 up to and including 6.18.2.
  • P5 products with factory-installed software version 6.15.0 up to and including 6.15.3 and installed software version 6.16.0 up to and including 6.18.2.
  • P5 products with factory-installed software version up to and including 6.14.3 and installed software version 6.18.3.
  • P5 products with factory-installed software version up to and including 6.14.3 and installed software version 6.18.4 or later.
  • P5 products with factory-installed software version 6.15.0 up to and including 6.15.3 and installed software version 6.18.3.
  • P5 products with factory-installed software version 6.15.0 up to and including 6.15.3 and installed software version 6.18.4 or later.
  • P5 products with factory-installed software version 6.16.0 or later and installed software version 6.18.3.
  • P5 products with factory-installed software version 6.16.0 or later and installed software version 6.18.4 or later.

Remediation and mitigations

Mitigation

Until the update has been installed, prevent unauthorised opening of or tampering with the enclosure, maintenance doors, and service flaps. Operation in public spaces remains the intended use case; this measure is intended to protect the internal electronics and storage media, not to prevent regular access to the outer enclosure.

Affected target group:

P5 products with factory-installed software version up to and including 6.14.3 and installed software version up to and including 6.14.3.

Vendor Fix

Target date / date: 2026-06-19

Update the affected product to software version 6.15.0 or later. Since software version 6.15.0, the issue has been fixed by using Secure Boot and Full Disk Encryption; Full Disk Encryption of the eMMC is also rolled out via software update for devices that were delivered from the factory with software version 6.14.3 or earlier.

Affected target group:

P5 products with factory-installed software version up to and including 6.14.3 and installed software version up to and including 6.14.3.

 

Additional status details
Status | Products / product groups
Known not affected
  • P5 products with factory-installed software version 6.15.0 up to and including 6.15.3 and installed software version 6.15.0 up to and including 6.15.3.
  • P5 products with factory-installed software version 6.15.0 up to and including 6.15.3 and installed software version 6.16.0 up to and including 6.18.2.
  • P5 products with factory-installed software version 6.15.0 up to and including 6.15.3 and installed software version 6.18.3.
  • P5 products with factory-installed software version 6.15.0 up to and including 6.15.3 and installed software version 6.18.4 or later.
  • P5 products with factory-installed software version 6.16.0 or later and installed software version 6.16.0 up to and including 6.18.2.
  • P5 products with factory-installed software version 6.16.0 or later and installed software version 6.18.3.
  • P5 products with factory-installed software version 6.16.0 or later and installed software version 6.18.4 or later.

Details

CVSS 4.0 | 6.8 - Severity: MEDIUM
Reference: CVE-2026-10790 | CCS-VUL-2026-0001 | CCS-VUL-2026-0001: Unencrypted Memory | Disclosure Date: 2026-06-22

 

Vulnerability Summary

With physical access to the device, the contents of the eMMC can be read externally using suitable hardware tools because, in affected versions, these contents are not stored in encrypted form.

Technical Description

The eMMC contents can be read and modified externally after physical access to the device.

Prerequisites

Exploitation requires physical access to the electronics inside the device as well as substantial hardware and software expertise.

Impact

An attacker with physical access to the device electronics can read unencrypted eMMC contents. This may disclose sensitive information or operational data. In addition, offline modifications to stored data may affect the integrity of the device.

Assessment Context

The assessment takes into account that exploitation requires physical access to the device as well as suitable hardware and software expertise. The vulnerability is not remotely exploitable. The CVSS assessment primarily reflects the risk to the confidentiality and integrity of locally stored data. Since software version 6.15.0, the risk has been addressed by Secure Boot and Full Disk Encryption.

Remediation

Since software version 6.15.0, the issue has been fixed by using Secure Boot and Full Disk Encryption. Full Disk Encryption of the eMMC is also rolled out via software update for devices that were delivered from the factory with software version 6.14.3 or earlier.

Assessment and classification

CWE-312 · Cleartext Storage of Sensitive Information

CWE-522 · Insufficiently Protected Credentials

CVSS vector: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:A

Details

CVSS 4.0 | 5.1 - Severity: MEDIUM

CVE-2026-10791 | CCS-VUL-2026-0002 | CCS-VUL-2026-0002: Open Recovery Mode | Disclosure Date: 2026-06-22

Vulnerability Summary

With physical access to the device, the processor module can be placed into recovery mode. In this mode, it is possible to execute custom code in memory and thereby access device data.

Technical Description

The processor can be placed into recovery mode or serial download mode, allowing arbitrary code to be started in RAM and data on the eMMC to be accessed.

Prerequisites

Exploitation requires physical access to the device as well as very extensive hardware and software expertise and comprehensive technical understanding of the system.

Impact

An attacker with physical access can place the processor module into recovery mode or serial download mode and execute custom code in memory. This can allow access to device data; depending on the device state, security mechanisms may also be bypassed or local data manipulated.

Assessment Context

The assessment takes into account that exploitation requires physical access to the electronics, very extensive hardware and software expertise, and deep technical understanding of the device. Exploitation over the network is not possible. For devices delivered from the factory with software version 6.16.0 or later, the risk is addressed by Secure Boot. For older factory-installed software versions, recovery mode is disabled from software version 6.18.4 onward.

Remediation

For devices delivered from the factory with software version 6.16.0 or later, the issue has been fixed since 6.16.0 by using Secure Boot. For devices delivered from the factory with software version 6.15.3 or earlier, the fix is implemented from software version 6.18.4 onward by disabling recovery mode.

Assessment and classification

CWE-312 · Cleartext Storage of Sensitive Information

CWE-1263 · Improper Physical Access Control

CVSS vector: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P

 

Remediation and mitigations

Mitigation

Until the update has been installed, prevent unauthorised opening of or tampering with the enclosure, maintenance doors, and service flaps, as well as access to internal service or debug interfaces that can be used to trigger recovery mode or serial download mode.

Affected target group:

P5 products with factory-installed software version up to and including 6.14.3 and installed software version 6.15.0 up to and including 6.15.3.

P5 products with factory-installed software version up to and including 6.14.3 and installed software version 6.16.0 up to and including 6.18.2.

P5 products with factory-installed software version 6.15.0 up to and including 6.15.3 and installed software version 6.16.0 up to and including 6.18.2.

P5 products with factory-installed software version 6.15.0 up to and including 6.15.3 and installed software version 6.18.3.

P5 products with factory-installed software version 6.15.0 up to and including 6.15.3 and installed software version 6.15.0 up to and including 6.15.3.

P5 products with factory-installed software version up to and including 6.14.3 and installed software version 6.18.3.

P5 products with factory-installed software version up to and including 6.14.3 and installed software version up to and including 6.14.3.

 

 

Vendor Fix

Target date / date: 2026-06-19

For devices delivered from the factory with software version 6.16.0 or later, the issue has been fixed since 6.16.0 by using Secure Boot. Update affected P5 devices that were delivered from the factory with software version 6.15.3 or earlier to software version 6.18.4 or later; this disables recovery mode.

Affected target group:

P5 products with factory-installed software version up to and including 6.14.3 and installed software version 6.15.0 up to and including 6.15.3.

P5 products with factory-installed software version up to and including 6.14.3 and installed software version 6.16.0 up to and including 6.18.2.

P5 products with factory-installed software version 6.15.0 up to and including 6.15.3 and installed software version 6.16.0 up to and including 6.18.2.

P5 products with factory-installed software version 6.15.0 up to and including 6.15.3 and installed software version 6.18.3.

P5 products with factory-installed software version 6.15.0 up to and including 6.15.3 and installed software version 6.15.0 up to and including 6.15.3.

P5 products with factory-installed software version up to and including 6.14.3 and installed software version 6.18.3.

P5 products with factory-installed software version up to and including 6.14.3 and installed software version up to and including 6.14.3.

Additional status details
Status | Products / product groups
Known not affected
  • P5 products with factory-installed software version 6.16.0 or later and installed software version 6.16.0 up to and including 6.18.2.
  • P5 products with factory-installed software version 6.16.0 or later and installed software version 6.18.3.
  • P5 products with factory-installed software version 6.16.0 or later and installed software version 6.18.4 or later.

Remediation and Mitigation

Mitigation

Restrict network access to SSH and management interfaces to trusted management networks. Ensure that remote service access is not reachable from untrusted networks.

Affected target group: 

P5 products with factory-installed software version up to and including 6.14.3 and installed software version up to and including 6.14.3.

 

Vendor Fix

Target date / date: 2026-06-19

Update the affected product to software version 6.15.0 or later. Since this version, the remote service function is disabled by default and can be enabled by the customer if required.

Affected target group:

P5 products with factory-installed software version up to and including 6.14.3 and installed software version up to and including 6.14.3.

Details

CVSS 4.0 | 8.1 - Severity: HIGH

CVE-2026-10793 · CCS-VUL-2026-0004 | CCS-VUL-2026-0004: SSH Key Backdoor | Disclosure Date: 2026-06-22

 

Vulnerability Summary

In affected versions, a vendor-secured remote service access intended for service purposes is enabled by default. The access can be used with a designated SSH certificate.

Technical Description

The authorized_keys file contains a cert-authority configuration that allows a matching certificate to be used for login. The SSH service is enabled by default.

Prerequisites

Exploitation requires network access and a matching SSH certificate signed by the CA, or a compromised key.

Impact

An attacker with network access and a matching SSH certificate signed by the configured CA, or a compromised key, can use the vendor remote service access. This may disclose confidential data and allow administrative changes to the device. The impact primarily affects the confidentiality and integrity of the affected device.

Assessment Context

The assessment takes into account that access is not possible through network reachability alone, but additionally requires a matching SSH certificate or compromised key material. The attack complexity is therefore rated higher. Since software version 6.15.0, the remote service function is disabled by default and can be explicitly enabled by the customer if required.

Remediation

Since software version 6.15.0, the remote service function is disabled by default and can be enabled by the customer if required.

Assessment and classification

CWE-321 · Use of Hard-coded Cryptographic Key

CWE-798 · Use of Hard-coded Credentials

CVSS vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P

Details

CVSS 4.0 | 8.5 - Severity: HIGH

CVE-2026-10794 · CCS-VUL-2026-0005 | CCS-VUL-2026-0005: Authenticated SSH Key Injection | Disclosure Date: 2026-06-22

 

Vulnerability Summary

An authenticated user with appropriate privileges can inject additional SSH key data through the SSH key input field of the web application which is intended for configuration of load management clusters. This can bypass intended restrictions for configured SSH keys.

Technical Description

The web application allows SSH key injection via line breaks in the input field, enabling an additional key to be configured without the intended restrictions.

Prerequisites

Exploitation requires a valid login to the web application with high privileges.

Impact

An authenticated user with high privileges can configure additional SSH key data through the SSH key input field and thereby bypass intended restrictions for SSH keys. This may result in unauthorised or less restricted SSH access and may affect the confidentiality and integrity of the device.

Assessment Context

The assessment takes into account that exploitation requires a valid login to the web application with high privileges. The vulnerability is therefore not exploitable without prior authentication. The risk is particularly relevant if administrative accounts have been compromised or if multiple persons have privileged access to the web application. The fix is included in software version 6.18.3.

Remediation

Since software version 6.18.3, input validation has been tightened.
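
The defect class described above (CWE-93 in a key field) and one way to validate such a field, as an added example that is not Compleo's code. The restriction prefix, the function names and the sample keys are assumptions constructed for illustration; the advisory does not state which restrictions the product applies.

```python
import base64
import re
import struct

# Assumption: the field is meant to hold exactly one plain public key.
ALLOWED_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
                 "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}
# Hypothetical restriction prefix written in front of every configured key.
RESTRICTIONS = 'restrict,command="/usr/bin/cluster-sync"'
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f\x85\u2028\u2029]")
COMMENT_OK = re.compile(r"[A-Za-z0-9@._+\- ]{0,64}")


class KeyFieldError(ValueError):
    """Raised when the field is not exactly one well-formed public key."""


def sample_key(comment: str) -> str:
    """Constructed sample: a syntactically valid ssh-ed25519 line with an all-zero key."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes(32)
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"


def validate_single_pubkey(field: str) -> str:
    """Return the normalised '<type> <base64> [comment]' string or raise KeyFieldError."""
    if CONTROL_CHARS.search(field):
        raise KeyFieldError("control character or line break in key field")
    parts = field.strip().split(" ", 2)
    if len(parts) < 2:
        raise KeyFieldError("expected '<type> <base64> [comment]'")
    key_type, blob = parts[0], parts[1]
    comment = parts[2].strip() if len(parts) == 3 else ""
    if key_type not in ALLOWED_TYPES:
        # Also rejects a leading options string and certificate key types.
        raise KeyFieldError("first token is not an accepted key type")
    try:
        raw = base64.b64decode(blob, validate=True)
    except ValueError as exc:
        raise KeyFieldError("key blob is not valid base64") from exc
    # The blob begins with a length-prefixed copy of the key type name.
    if len(raw) < 4:
        raise KeyFieldError("key blob too short")
    (name_len,) = struct.unpack(">I", raw[:4])
    if raw[4:4 + name_len] != key_type.encode():
        raise KeyFieldError("key type does not match the type inside the blob")
    if not COMMENT_OK.fullmatch(comment):
        raise KeyFieldError("comment contains unexpected characters")
    return " ".join(p for p in (key_type, blob, comment) if p)


def build_line_naive(field: str) -> str:
    """'Before' behaviour: the field is pasted into the file unchecked."""
    return f"{RESTRICTIONS} {field}\n"


def build_line_hardened(field: str) -> str:
    """'After' behaviour: only a validated single key reaches the file."""
    return f"{RESTRICTIONS} {validate_single_pubkey(field)}\n"


def unrestricted_entries(text: str) -> list:
    """Lines of the generated file that do not carry the restriction prefix."""
    return [line for line in text.split("\n")
            if line.strip() and not line.startswith(RESTRICTIONS + " ")]


if __name__ == "__main__":
    good = sample_key("node-1")
    crafted = good + "\n" + sample_key("extra")   # constructed two-line field value
    print("naive, unrestricted lines:", len(unrestricted_entries(build_line_naive(crafted))))
    try:
        build_line_hardened(crafted)
    except KeyFieldError as err:
        print("hardened rejects:", err)
```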

Assessment and classification

CWE-93 · Improper Neutralization of CRLF Sequences

CWE-78 · Improper Neutralization of Special Elements used in an OS Command

CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:A

Remediation and mitigation

Mitigation

Restrict access to the web and administration interface to trusted management networks. Grant high privileges only to trusted administrators and check configured SSH keys for unexpected entries.

Affected target group:

P5 products with factory-installed software version up to and including 6.14.3 and installed software version 6.15.0 up to and including 6.15.3.

P5 products with factory-installed software version up to and including 6.14.3 and installed software version 6.16.0 up to and including 6.18.2.

P5 products with factory-installed software version 6.15.0 up to and including 6.15.3 and installed software version 6.16.0 up to and including 6.18.2.

P5 products with factory-installed software version 6.16.0 or later and installed software version 6.16.0 up to and including 6.18.2.

P5 products with factory-installed software version 6.15.0 up to and including 6.15.3 and installed software version 6.15.0 up to and including 6.15.3.

P5 products with factory-installed software version up to and including 6.14.3 and installed software version up to and including 6.14.3.
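
The mitigation's check of configured SSH keys for unexpected entries can be done by parsing the authorized_keys contents; the same pass reports the cert-authority entry described under CCS-VUL-2026-0004. This is an added example, not vendor tooling. It assumes the operator has the file contents and a set of fingerprints of the keys they configured, and that `restrict` and `command` are the restrictions expected on every entry; the sample file is constructed.

```python
import base64
import hashlib
import struct

KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")


def sample_blob(seed: int) -> str:
    """Constructed ssh-ed25519 blob (32 repeated bytes), not a real key."""
    name = b"ssh-ed25519"
    raw = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes([seed]) * 32
    return base64.b64encode(raw).decode()


def fingerprint(blob_b64: str) -> str:
    """OpenSSH-style SHA256 fingerprint of a base64 key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def split_entry(line: str):
    """Split one authorized_keys line into (options, key_type, blob, comment)."""
    line = line.strip()
    options = []
    if not line.startswith(KEY_PREFIXES):
        # Options end at the first whitespace outside double quotes.
        buf, quoted, i = [], False, 0
        while i < len(line):
            ch = line[i]
            if quoted and ch == "\\" and line[i + 1:i + 2] == '"':
                buf.append('\\"')
                i += 2
                continue
            if ch == '"':
                quoted = not quoted
            elif not quoted and ch in " \t":
                break
            elif not quoted and ch == ",":
                options.append("".join(buf))
                buf = []
                i += 1
                continue
            buf.append(ch)
            i += 1
        options.append("".join(buf))
        line = line[i:].strip()
    fields = line.split(None, 2)
    if len(fields) < 2:
        raise ValueError("no key type and blob found")
    return options, fields[0], fields[1], (fields[2] if len(fields) == 3 else "")


def audit(text: str, expected: set, required=("restrict", "command")) -> list:
    """Return (line number, code, detail) findings for one authorized_keys file."""
    findings = []
    for number, line in enumerate(text.split("\n"), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        try:
            options, key_type, blob, comment = split_entry(line)
            fp = fingerprint(blob)
        except ValueError as err:
            findings.append((number, "UNPARSEABLE", str(err)))
            continue
        names = {opt.split("=", 1)[0].lower() for opt in options}
        if "cert-authority" in names:
            # Any certificate signed by this CA key is accepted for login.
            findings.append((number, "CERT_AUTHORITY", f"{fp} {comment}".strip()))
            continue
        if fp not in expected:
            findings.append((number, "UNEXPECTED_KEY", f"{fp} {comment}".strip()))
        missing = [name for name in required if name not in names]
        if missing:
            findings.append((number, "UNRESTRICTED", "missing " + ",".join(missing)))
    return findings


def sample_file() -> str:
    """Constructed authorized_keys contents for the demonstration."""
    return "\n".join([
        "# constructed sample, not taken from a device",
        f"cert-authority ssh-ed25519 {sample_blob(9)} service-ca",
        f'restrict,command="/usr/bin/cluster-sync --once" ssh-ed25519 {sample_blob(1)} node-1',
        f"ssh-ed25519 {sample_blob(2)} extra",
    ]) + "\n"


if __name__ == "__main__":
    for finding in audit(sample_file(), {fingerprint(sample_blob(1))}):
        print(finding)
```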

Vendor Fix

Target date / date: 2026-06-19

The fix is included in software version 6.18.3. Update the affected product to software version 6.18.3 or later.

Affected target group: 

P5 products with factory-installed software version up to and including 6.14.3 and installed software version 6.15.0 up to and including 6.15.3.

P5 products with factory-installed software version up to and including 6.14.3 and installed software version 6.16.0 up to and including 6.18.2.

P5 products with factory-installed software version 6.15.0 up to and including 6.15.3 and installed software version 6.16.0 up to and including 6.18.2.

P5 products with factory-installed software version 6.16.0 or later and installed software version 6.16.0 up to and including 6.18.2.

P5 products with factory-installed software version 6.15.0 up to and including 6.15.3 and installed software version 6.15.0 up to and including 6.15.3.

P5 products with factory-installed software version up to and including 6.14.3 and installed software version up to and including 6.14.3.

Affected product groups

Product group | Products
P5 products with factory-installed software version up to and including 6.14.3 and installed software version up to and including 6.14.3.
  • Compleo eTower (P5 platform; all production years; factory-installed software version up to and including 6.14.3; installed software version up to and including 6.14.3)
  • Compleo SOLO (P5 platform; from production year 2021; factory-installed software version up to and including 6.14.3; installed software version up to and including 6.14.3)
  • Compleo DUO (P5 platform; from production year 2022; factory-installed software version up to and including 6.14.3; installed software version up to and including 6.14.3)
P5 products with factory-installed software version up to and including 6.14.3 and installed software version 6.15.0 up to and including 6.15.3.
  • Compleo eTower (P5 platform; all production years; factory-installed software version up to and including 6.14.3; installed software version 6.15.0 up to and including 6.15.3)
  • Compleo SOLO (P5 platform; from production year 2021; factory-installed software version up to and including 6.14.3; installed software version 6.15.0 up to and including 6.15.3)
  • Compleo DUO (P5 platform; from production year 2022; factory-installed software version up to and including 6.14.3; installed software version 6.15.0 up to and including 6.15.3)
P5 products with factory-installed software version up to and including 6.14.3 and installed software version 6.16.0 up to and including 6.18.2.
  • Compleo eTower (P5 platform; all production years; factory-installed software version up to and including 6.14.3; installed software version 6.16.0 up to and including 6.18.2)
  • Compleo SOLO (P5 platform; from production year 2021; factory-installed software version up to and including 6.14.3; installed software version 6.16.0 up to and including 6.18.2)
  • Compleo DUO (P5 platform; from production year 2022; factory-installed software version up to and including 6.14.3; installed software version 6.16.0 up to and including 6.18.2)
P5 products with factory-installed software version up to and including 6.14.3 and installed software version 6.18.3.
  • Compleo eTower (P5 platform; all production years; factory-installed software version up to and including 6.14.3; installed software version 6.18.3)
  • Compleo SOLO (P5 platform; from production year 2021; factory-installed software version up to and including 6.14.3; installed software version 6.18.3)
  • Compleo DUO (P5 platform; from production year 2022; factory-installed software version up to and including 6.14.3; installed software version 6.18.3)
P5 products with factory-installed software version up to and including 6.14.3 and installed software version 6.18.4 or later.
  • Compleo eTower (P5 platform; all production years; factory-installed software version up to and including 6.14.3; installed software version 6.18.4 or later)
  • Compleo SOLO (P5 platform; from production year 2021; factory-installed software version up to and including 6.14.3; installed software version 6.18.4 or later)
  • Compleo DUO (P5 platform; from production year 2022; factory-installed software version up to and including 6.14.3; installed software version 6.18.4 or later)
P5 products with factory-installed software version 6.15.0 up to and including 6.15.3 and installed software version 6.15.0 up to and including 6.15.3.
  • Compleo eTower (P5 platform; all production years; factory-installed software version 6.15.0 up to and including 6.15.3; installed software version 6.15.0 up to and including 6.15.3)
  • Compleo SOLO (P5 platform; from production year 2021; factory-installed software version 6.15.0 up to and including 6.15.3; installed software version 6.15.0 up to and including 6.15.3)
  • Compleo DUO (P5 platform; from production year 2022; factory-installed software version 6.15.0 up to and including 6.15.3; installed software version 6.15.0 up to and including 6.15.3)
P5 products with factory-installed software version 6.15.0 up to and including 6.15.3 and installed software version 6.16.0 up to and including 6.18.2.
  • Compleo eTower (P5 platform; all production years; factory-installed software version 6.15.0 up to and including 6.15.3; installed software version 6.16.0 up to and including 6.18.2)
  • Compleo SOLO (P5 platform; from production year 2021; factory-installed software version 6.15.0 up to and including 6.15.3; installed software version 6.16.0 up to and including 6.18.2)
  • Compleo DUO (P5 platform; from production year 2022; factory-installed software version 6.15.0 up to and including 6.15.3; installed software version 6.16.0 up to and including 6.18.2)
P5 products with factory-installed software version 6.15.0 up to and including 6.15.3 and installed software version 6.18.3.
  • Compleo eTower (P5 platform; all production years; factory-installed software version 6.15.0 up to and including 6.15.3; installed software version 6.18.3)
  • Compleo SOLO (P5 platform; from production year 2021; factory-installed software version 6.15.0 up to and including 6.15.3; installed software version 6.18.3)
  • Compleo DUO (P5 platform; from production year 2022; factory-installed software version 6.15.0 up to and including 6.15.3; installed software version 6.18.3)
P5 products with factory-installed software version 6.15.0 up to and including 6.15.3 and installed software version 6.18.4 or later.
  • Compleo eTower (P5 platform; all production years; factory-installed software version 6.15.0 up to and including 6.15.3; installed software version 6.18.4 or later)
  • Compleo SOLO (P5 platform; from production year 2021; factory-installed software version 6.15.0 up to and including 6.15.3; installed software version 6.18.4 or later)
  • Compleo DUO (P5 platform; from production year 2022; factory-installed software version 6.15.0 up to and including 6.15.3; installed software version 6.18.4 or later)
P5 products with factory-installed software version 6.16.0 or later and installed software version 6.16.0 up to and including 6.18.2.
  • Compleo eTower (P5 platform; all production years; factory-installed software version 6.16.0 or later; installed software version 6.16.0 up to and including 6.18.2)
  • Compleo SOLO (P5 platform; from production year 2021; factory-installed software version 6.16.0 or later; installed software version 6.16.0 up to and including 6.18.2)
  • Compleo DUO (P5 platform; from production year 2022; factory-installed software version 6.16.0 or later; installed software version 6.16.0 up to and including 6.18.2)
P5 products with factory-installed software version 6.16.0 or later and installed software version 6.18.3.
  • Compleo eTower (P5 platform; all production years; factory-installed software version 6.16.0 or later; installed software version 6.18.3)
  • Compleo SOLO (P5 platform; from production year 2021; factory-installed software version 6.16.0 or later; installed software version 6.18.3)
  • Compleo DUO (P5 platform; from production year 2022; factory-installed software version 6.16.0 or later; installed software version 6.18.3)
P5 products with factory-installed software version 6.16.0 or later and installed software version 6.18.4 or later.
  • Compleo eTower (P5 platform; all production years; factory-installed software version 6.16.0 or later; installed software version 6.18.4 or later)
  • Compleo SOLO (P5 platform; from production year 2021; factory-installed software version 6.16.0 or later; installed software version 6.18.4 or later)
  • Compleo DUO (P5 platform; from production year 2022; factory-installed software version 6.16.0 or later; installed software version 6.18.4 or later)

Acknowledgments

Reported as part of coordinated vulnerability disclosure. Names: S. Dietz, T. Weber. Organisation: CyberDanube Security Research.

Revision history

Version Date Summary
1 2026-06-17 12:00 UTC Final publication of the advisory.


References and contact

Compleo Charging Solutions GmbH & Co. KG

Compleo Product Security Incident Response Team (PSIRT), Ezzestraße 8, 44379 Dortmund, Germany

Issuing authority: Compleo Product Security Incident Response Team (PSIRT)

Category Description URL
self CCS-SA-2026-0001: Compleo Security Advisory on Vulnerabilities in P5-Based Products - CSAF https://www.compleo-charging.com/fileadmin/Documentcenter/Security_advisory/ccs-sa-2026-0001.zip
self CCS-SA-2026-0001: Compleo Security Advisory zu Schwachstellen in P5-basierten Produkten - HTML (German) https://www.compleo-charging.com/produkte/document-center/security-advisory-1
self CCS-SA-2026-0001: Compleo Security Advisory on Vulnerabilities in P5-Based Products - HTML (English) https://www.compleo-charging.com/en/products/document-centre/security-advisory-1
external Firmware downloads and release notes for Compleo firmware https://vaylens.atlassian.net/wiki/spaces/CK/pages/772046982/Firmware+bereitgestellt+von+Compleo
external Support and contact page (German) https://www.compleo-charging.com/beratung
external Support and contact page (English) https://www.compleo-charging.com/en/consultation

Technical document data

CSAF-Version: 2.1

Category: csaf_security_advisory

Initial release: 2026-06-17T12:00:00Z

TLP: CLEAR — Publicly released; distribution without restriction is permitted.

Namespace: https://www.compleo-charging.com/

Schema: https://docs.oasis-open.org/csaf/csaf/v2.1/schema/csaf.json