Vulnerabilites related to Bender / ebee - ICC16xx
CVE-2021-34592 (GCVE-0-2021-34592)
Vulnerability from cvelistv5
Published
2022-04-27 15:15
Modified
2024-09-16 22:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Summary
In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Bender / ebee | CC612 |
Version: 5.11.x < 5.11.2 Version: 5.12.x < 5.12.5 Version: 5.13.x < 5.13.2 Version: 5.20.x < 5.20.2 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:46.971Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-047"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CC612",
"vendor": "Bender / ebee",
"versions": [
{
"lessThan": "5.11.2",
"status": "affected",
"version": "5.11.x",
"versionType": "custom"
},
{
"lessThan": "5.12.5",
"status": "affected",
"version": "5.12.x",
"versionType": "custom"
},
{
"lessThan": "5.13.2",
"status": "affected",
"version": "5.13.x",
"versionType": "custom"
},
{
"lessThan": "5.20.2",
"status": "affected",
"version": "5.20.x",
"versionType": "custom"
}
]
},
{
"product": "CC613",
"vendor": "Bender / ebee",
"versions": [
{
"lessThan": "5.11.2",
"status": "affected",
"version": "5.11.x",
"versionType": "custom"
},
{
"lessThan": "5.12.5",
"status": "affected",
"version": "5.12.x",
"versionType": "custom"
},
{
"lessThan": "5.13.2",
"status": "affected",
"version": "5.13.x",
"versionType": "custom"
},
{
"lessThan": "5.20.2",
"status": "affected",
"version": "5.20.x",
"versionType": "custom"
}
]
},
{
"product": "ICC15xx",
"vendor": "Bender / ebee",
"versions": [
{
"lessThan": "5.11.2",
"status": "affected",
"version": "5.11.x",
"versionType": "custom"
},
{
"lessThan": "5.12.5",
"status": "affected",
"version": "5.12.x",
"versionType": "custom"
},
{
"lessThan": "5.13.2",
"status": "affected",
"version": "5.13.x",
"versionType": "custom"
},
{
"lessThan": "5.20.2",
"status": "affected",
"version": "5.20.x",
"versionType": "custom"
}
]
},
{
"product": "ICC16xx",
"vendor": "Bender / ebee",
"versions": [
{
"lessThan": "5.11.2",
"status": "affected",
"version": "5.11.x",
"versionType": "custom"
},
{
"lessThan": "5.12.5",
"status": "affected",
"version": "5.12.x",
"versionType": "custom"
},
{
"lessThan": "5.13.2",
"status": "affected",
"version": "5.13.x",
"versionType": "custom"
},
{
"lessThan": "5.20.2",
"status": "affected",
"version": "5.20.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE."
}
],
"datePublic": "2022-04-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-27T15:15:31",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-047"
}
],
"source": {
"advisory": "VDE-2021-047",
"defect": [
"CERT@VDE#64088"
],
"discovery": "EXTERNAL"
},
"title": "Bender Charge Controller: Command injection via Web interface",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-04-27T10:00:00.000Z",
"ID": "CVE-2021-34592",
"STATE": "PUBLIC",
"TITLE": "Bender Charge Controller: Command injection via Web interface"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CC612",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "\u003c",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "\u003c",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "\u003c",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "CC613",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "\u003c",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "\u003c",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "\u003c",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "ICC15xx",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "\u003c",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "\u003c",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "\u003c",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "ICC16xx",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "\u003c",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "\u003c",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "\u003c",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
}
]
},
"vendor_name": "Bender / ebee"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en/advisories/VDE-2021-047",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2021-047"
}
]
},
"source": {
"advisory": "VDE-2021-047",
"defect": [
"CERT@VDE#64088"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-34592",
"datePublished": "2022-04-27T15:15:31.464112Z",
"dateReserved": "2021-06-10T00:00:00",
"dateUpdated": "2024-09-16T22:20:44.822Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34589 (GCVE-0-2021-34589)
Vulnerability from cvelistv5
Published
2022-04-27 15:15
Modified
2024-09-16 21:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Information Exposure
Summary
In Bender/ebee Charge Controllers in multiple versions are prone to an RFID leak. The RFID of the last charge event can be read without authentication via the web interface.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Bender / ebee | CC612 |
Version: 5.11.x < 5.11.2 Version: 5.12.x < 5.12.5 Version: 5.13.x < 5.13.2 Version: 5.20.x < 5.20.2 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:46.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-047"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CC612",
"vendor": "Bender / ebee",
"versions": [
{
"lessThan": "5.11.2",
"status": "affected",
"version": "5.11.x",
"versionType": "custom"
},
{
"lessThan": "5.12.5",
"status": "affected",
"version": "5.12.x",
"versionType": "custom"
},
{
"lessThan": "5.13.2",
"status": "affected",
"version": "5.13.x",
"versionType": "custom"
},
{
"lessThan": "5.20.2",
"status": "affected",
"version": "5.20.x",
"versionType": "custom"
}
]
},
{
"product": "CC613",
"vendor": "Bender / ebee",
"versions": [
{
"lessThan": "5.11.2",
"status": "affected",
"version": "5.11.x",
"versionType": "custom"
},
{
"lessThan": "5.12.5",
"status": "affected",
"version": "5.12.x",
"versionType": "custom"
},
{
"lessThan": "5.13.2",
"status": "affected",
"version": "5.13.x",
"versionType": "custom"
},
{
"lessThan": "5.20.2",
"status": "affected",
"version": "5.20.x",
"versionType": "custom"
}
]
},
{
"product": "ICC15xx",
"vendor": "Bender / ebee",
"versions": [
{
"lessThan": "5.11.2",
"status": "affected",
"version": "5.11.x",
"versionType": "custom"
},
{
"lessThan": "5.12.5",
"status": "affected",
"version": "5.12.x",
"versionType": "custom"
},
{
"lessThan": "5.13.2",
"status": "affected",
"version": "5.13.x",
"versionType": "custom"
},
{
"lessThan": "5.20.2",
"status": "affected",
"version": "5.20.x",
"versionType": "custom"
}
]
},
{
"product": "ICC16xx",
"vendor": "Bender / ebee",
"versions": [
{
"lessThan": "5.11.2",
"status": "affected",
"version": "5.11.x",
"versionType": "custom"
},
{
"lessThan": "5.12.5",
"status": "affected",
"version": "5.12.x",
"versionType": "custom"
},
{
"lessThan": "5.13.2",
"status": "affected",
"version": "5.13.x",
"versionType": "custom"
},
{
"lessThan": "5.20.2",
"status": "affected",
"version": "5.20.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE."
}
],
"datePublic": "2022-04-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Bender/ebee Charge Controllers in multiple versions are prone to an RFID leak. The RFID of the last charge event can be read without authentication via the web interface."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-27T15:15:27",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-047"
}
],
"source": {
"advisory": "VDE-2021-047",
"defect": [
"CERT@VDE#64088"
],
"discovery": "EXTERNAL"
},
"title": "Bender Charge Controller: RFID leak",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-04-27T10:00:00.000Z",
"ID": "CVE-2021-34589",
"STATE": "PUBLIC",
"TITLE": "Bender Charge Controller: RFID leak"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CC612",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "\u003c",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "\u003c",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "\u003c",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "CC613",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "\u003c",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "\u003c",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "\u003c",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "ICC15xx",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "\u003c",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "\u003c",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "\u003c",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "ICC16xx",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "\u003c",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "\u003c",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "\u003c",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
}
]
},
"vendor_name": "Bender / ebee"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Bender/ebee Charge Controllers in multiple versions are prone to an RFID leak. The RFID of the last charge event can be read without authentication via the web interface."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en/advisories/VDE-2021-047",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2021-047"
}
]
},
"source": {
"advisory": "VDE-2021-047",
"defect": [
"CERT@VDE#64088"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-34589",
"datePublished": "2022-04-27T15:15:27.151287Z",
"dateReserved": "2021-06-10T00:00:00",
"dateUpdated": "2024-09-16T21:08:59.841Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34601 (GCVE-0-2021-34601)
Vulnerability from cvelistv5
Published
2022-04-27 15:15
Modified
2024-09-16 19:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-259 - Use of Hard-coded Password
Summary
In Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded ssh credentials. An attacker may use the password to gain administrative access to the web-UI.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Bender / ebee | CC612 |
Version: 5.11.x < 5.11.2 Version: 5.12.x < 5.12.5 Version: 5.13.x < 5.13.2 Version: 5.20.x < 5.20.2 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:47.864Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-047"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CC612",
"vendor": "Bender / ebee",
"versions": [
{
"lessThan": "5.11.2",
"status": "affected",
"version": "5.11.x",
"versionType": "custom"
},
{
"lessThan": "5.12.5",
"status": "affected",
"version": "5.12.x",
"versionType": "custom"
},
{
"lessThan": "5.13.2",
"status": "affected",
"version": "5.13.x",
"versionType": "custom"
},
{
"lessThan": "5.20.2",
"status": "affected",
"version": "5.20.x",
"versionType": "custom"
}
]
},
{
"product": "CC613",
"vendor": "Bender / ebee",
"versions": [
{
"lessThan": "5.11.2",
"status": "affected",
"version": "5.11.x",
"versionType": "custom"
},
{
"lessThan": "5.12.5",
"status": "affected",
"version": "5.12.x",
"versionType": "custom"
},
{
"lessThan": "5.13.2",
"status": "affected",
"version": "5.13.x",
"versionType": "custom"
},
{
"lessThan": "5.20.2",
"status": "affected",
"version": "5.20.x",
"versionType": "custom"
}
]
},
{
"product": "ICC15xx",
"vendor": "Bender / ebee",
"versions": [
{
"lessThan": "5.11.2",
"status": "affected",
"version": "5.11.x",
"versionType": "custom"
},
{
"lessThan": "5.12.5",
"status": "affected",
"version": "5.12.x",
"versionType": "custom"
},
{
"lessThan": "5.13.2",
"status": "affected",
"version": "5.13.x",
"versionType": "custom"
},
{
"lessThan": "5.20.2",
"status": "affected",
"version": "5.20.x",
"versionType": "custom"
}
]
},
{
"product": "ICC16xx",
"vendor": "Bender / ebee",
"versions": [
{
"lessThan": "5.11.2",
"status": "affected",
"version": "5.11.x",
"versionType": "custom"
},
{
"lessThan": "5.12.5",
"status": "affected",
"version": "5.12.x",
"versionType": "custom"
},
{
"lessThan": "5.13.2",
"status": "affected",
"version": "5.13.x",
"versionType": "custom"
},
{
"lessThan": "5.20.2",
"status": "affected",
"version": "5.20.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Bender thanks Qianxin StarV Security Lab, China. The issue was coordinated by CERT@VDE."
}
],
"datePublic": "2022-04-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded ssh credentials. An attacker may use the password to gain administrative access to the web-UI."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "CWE-259 Use of Hard-coded Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-27T15:15:33",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-047"
}
],
"source": {
"advisory": "VDE-2021-047",
"defect": [
"CERT@VDE#64026"
],
"discovery": "EXTERNAL"
},
"title": "Bender Charge Controller: Hardcoded Credentials in Charge Controller",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-04-27T10:00:00.000Z",
"ID": "CVE-2021-34601",
"STATE": "PUBLIC",
"TITLE": "Bender Charge Controller: Hardcoded Credentials in Charge Controller"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CC612",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "\u003c",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "\u003c",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "\u003c",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "CC613",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "\u003c",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "\u003c",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "\u003c",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "ICC15xx",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "\u003c",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "\u003c",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "\u003c",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "ICC16xx",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "\u003c",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "\u003c",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "\u003c",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
}
]
},
"vendor_name": "Bender / ebee"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Bender thanks Qianxin StarV Security Lab, China. The issue was coordinated by CERT@VDE."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded ssh credentials. An attacker may use the password to gain administrative access to the web-UI."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-259 Use of Hard-coded Password"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en/advisories/VDE-2021-047",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2021-047"
}
]
},
"source": {
"advisory": "VDE-2021-047",
"defect": [
"CERT@VDE#64026"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-34601",
"datePublished": "2022-04-27T15:15:33.375616Z",
"dateReserved": "2021-06-10T00:00:00",
"dateUpdated": "2024-09-16T19:47:12.796Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34591 (GCVE-0-2021-34591)
Vulnerability from cvelistv5
Published
2022-04-27 15:15
Modified
2024-09-16 20:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-250 - Execution with Unnecessary Privileges
Summary
In Bender/ebee Charge Controllers in multiple versions are prone to Local privilege Escalation. An authenticated attacker could get root access via the suid applications socat, ip udhcpc and ifplugd.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Bender / ebee | CC612 |
Version: 5.11.x < 5.11.2 Version: 5.12.x < 5.12.5 Version: 5.13.x < 5.13.2 Version: 5.20.x < 5.20.2 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:46.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-047"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CC612",
"vendor": "Bender / ebee",
"versions": [
{
"lessThan": "5.11.2",
"status": "affected",
"version": "5.11.x",
"versionType": "custom"
},
{
"lessThan": "5.12.5",
"status": "affected",
"version": "5.12.x",
"versionType": "custom"
},
{
"lessThan": "5.13.2",
"status": "affected",
"version": "5.13.x",
"versionType": "custom"
},
{
"lessThan": "5.20.2",
"status": "affected",
"version": "5.20.x",
"versionType": "custom"
}
]
},
{
"product": "CC613",
"vendor": "Bender / ebee",
"versions": [
{
"lessThan": "5.11.2",
"status": "affected",
"version": "5.11.x",
"versionType": "custom"
},
{
"lessThan": "5.12.5",
"status": "affected",
"version": "5.12.x",
"versionType": "custom"
},
{
"lessThan": "5.13.2",
"status": "affected",
"version": "5.13.x",
"versionType": "custom"
},
{
"lessThan": "5.20.2",
"status": "affected",
"version": "5.20.x",
"versionType": "custom"
}
]
},
{
"product": "ICC15xx",
"vendor": "Bender / ebee",
"versions": [
{
"lessThan": "5.11.2",
"status": "affected",
"version": "5.11.x",
"versionType": "custom"
},
{
"lessThan": "5.12.5",
"status": "affected",
"version": "5.12.x",
"versionType": "custom"
},
{
"lessThan": "5.13.2",
"status": "affected",
"version": "5.13.x",
"versionType": "custom"
},
{
"lessThan": "5.20.2",
"status": "affected",
"version": "5.20.x",
"versionType": "custom"
}
]
},
{
"product": "ICC16xx",
"vendor": "Bender / ebee",
"versions": [
{
"lessThan": "5.11.2",
"status": "affected",
"version": "5.11.x",
"versionType": "custom"
},
{
"lessThan": "5.12.5",
"status": "affected",
"version": "5.12.x",
"versionType": "custom"
},
{
"lessThan": "5.13.2",
"status": "affected",
"version": "5.13.x",
"versionType": "custom"
},
{
"lessThan": "5.20.2",
"status": "affected",
"version": "5.20.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE."
}
],
"datePublic": "2022-04-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Bender/ebee Charge Controllers in multiple versions are prone to Local privilege Escalation. An authenticated attacker could get root access via the suid applications socat, ip udhcpc and ifplugd."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250 Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-27T15:15:29",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-047"
}
],
"source": {
"advisory": "VDE-2021-047",
"defect": [
"CERT@VDE#64088"
],
"discovery": "EXTERNAL"
},
"title": "Bender Charge Controller: Local privilege Escalation",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-04-27T10:00:00.000Z",
"ID": "CVE-2021-34591",
"STATE": "PUBLIC",
"TITLE": "Bender Charge Controller: Local privilege Escalation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CC612",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "\u003c",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "\u003c",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "\u003c",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "CC613",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "\u003c",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "\u003c",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "\u003c",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "ICC15xx",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "\u003c",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "\u003c",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "\u003c",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "ICC16xx",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "\u003c",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "\u003c",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "\u003c",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
}
]
},
"vendor_name": "Bender / ebee"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Bender/ebee Charge Controllers in multiple versions are prone to Local privilege Escalation. An authenticated attacker could get root access via the suid applications socat, ip udhcpc and ifplugd."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-250 Execution with Unnecessary Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en/advisories/VDE-2021-047",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2021-047"
}
]
},
"source": {
"advisory": "VDE-2021-047",
"defect": [
"CERT@VDE#64088"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-34591",
"datePublished": "2022-04-27T15:15:30.014135Z",
"dateReserved": "2021-06-10T00:00:00",
"dateUpdated": "2024-09-16T20:36:53.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34587 (GCVE-0-2021-34587)
Vulnerability from cvelistv5
Published
2022-04-27 15:15
Modified
2024-09-17 02:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-121 - Stack-based Buffer Overflow
Summary
In Bender/ebee Charge Controllers in multiple versions a long URL could lead to webserver crash. The URL is used as input of an sprintf to a stack variable.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Bender / ebee | CC612 |
Version: 5.11.x < 5.11.2 Version: 5.12.x < 5.12.5 Version: 5.13.x < 5.13.2 Version: 5.20.x < 5.20.2 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:46.977Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-047"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CC612",
"vendor": "Bender / ebee",
"versions": [
{
"lessThan": "5.11.2",
"status": "affected",
"version": "5.11.x",
"versionType": "custom"
},
{
"lessThan": "5.12.5",
"status": "affected",
"version": "5.12.x",
"versionType": "custom"
},
{
"lessThan": "5.13.2",
"status": "affected",
"version": "5.13.x",
"versionType": "custom"
},
{
"lessThan": "5.20.2",
"status": "affected",
"version": "5.20.x",
"versionType": "custom"
}
]
},
{
"product": "CC613",
"vendor": "Bender / ebee",
"versions": [
{
"lessThan": "5.11.2",
"status": "affected",
"version": "5.11.x",
"versionType": "custom"
},
{
"lessThan": "5.12.5",
"status": "affected",
"version": "5.12.x",
"versionType": "custom"
},
{
"lessThan": "5.13.2",
"status": "affected",
"version": "5.13.x",
"versionType": "custom"
},
{
"lessThan": "5.20.2",
"status": "affected",
"version": "5.20.x",
"versionType": "custom"
}
]
},
{
"product": "ICC15xx",
"vendor": "Bender / ebee",
"versions": [
{
"lessThan": "5.11.2",
"status": "affected",
"version": "5.11.x",
"versionType": "custom"
},
{
"lessThan": "5.12.5",
"status": "affected",
"version": "5.12.x",
"versionType": "custom"
},
{
"lessThan": "5.13.2",
"status": "affected",
"version": "5.13.x",
"versionType": "custom"
},
{
"lessThan": "5.20.2",
"status": "affected",
"version": "5.20.x",
"versionType": "custom"
}
]
},
{
"product": "ICC16xx",
"vendor": "Bender / ebee",
"versions": [
{
"lessThan": "5.11.2",
"status": "affected",
"version": "5.11.x",
"versionType": "custom"
},
{
"lessThan": "5.12.5",
"status": "affected",
"version": "5.12.x",
"versionType": "custom"
},
{
"lessThan": "5.13.2",
"status": "affected",
"version": "5.13.x",
"versionType": "custom"
},
{
"lessThan": "5.20.2",
"status": "affected",
"version": "5.20.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE."
}
],
"datePublic": "2022-04-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Bender/ebee Charge Controllers in multiple versions a long URL could lead to webserver crash. The URL is used as input of an sprintf to a stack variable."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-27T15:15:23",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-047"
}
],
"source": {
"advisory": "VDE-2021-047",
"defect": [
"CERT@VDE#64088"
],
"discovery": "EXTERNAL"
},
"title": "Bender Charge Controller: Long URL could lead to webserver crash",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-04-27T10:00:00.000Z",
"ID": "CVE-2021-34587",
"STATE": "PUBLIC",
"TITLE": "Bender Charge Controller: Long URL could lead to webserver crash"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CC612",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "\u003c",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "\u003c",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "\u003c",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "CC613",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "\u003c",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "\u003c",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "\u003c",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "ICC15xx",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "\u003c",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "\u003c",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "\u003c",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "ICC16xx",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "\u003c",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "\u003c",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "\u003c",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
}
]
},
"vendor_name": "Bender / ebee"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Bender/ebee Charge Controllers in multiple versions a long URL could lead to webserver crash. The URL is used as input of an sprintf to a stack variable."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en/advisories/VDE-2021-047",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2021-047"
}
]
},
"source": {
"advisory": "VDE-2021-047",
"defect": [
"CERT@VDE#64088"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-34587",
"datePublished": "2022-04-27T15:15:24.084444Z",
"dateReserved": "2021-06-10T00:00:00",
"dateUpdated": "2024-09-17T02:58:12.456Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34588 (GCVE-0-2021-34588)
Vulnerability from cvelistv5
Published
2022-04-27 15:15
Modified
2024-09-16 21:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-425 - Direct Request (Forced Browsing)
Summary
In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot .
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Bender / ebee | CC612 |
Version: 5.11.x < 5.11.2 Version: 5.12.x < 5.12.5 Version: 5.13.x < 5.13.2 Version: 5.20.x < 5.20.2 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:46.981Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-047"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CC612",
"vendor": "Bender / ebee",
"versions": [
{
"lessThan": "5.11.2",
"status": "affected",
"version": "5.11.x",
"versionType": "custom"
},
{
"lessThan": "5.12.5",
"status": "affected",
"version": "5.12.x",
"versionType": "custom"
},
{
"lessThan": "5.13.2",
"status": "affected",
"version": "5.13.x",
"versionType": "custom"
},
{
"lessThan": "5.20.2",
"status": "affected",
"version": "5.20.x",
"versionType": "custom"
}
]
},
{
"product": "CC613",
"vendor": "Bender / ebee",
"versions": [
{
"lessThan": "5.11.2",
"status": "affected",
"version": "5.11.x",
"versionType": "custom"
},
{
"lessThan": "5.12.5",
"status": "affected",
"version": "5.12.x",
"versionType": "custom"
},
{
"lessThan": "5.13.2",
"status": "affected",
"version": "5.13.x",
"versionType": "custom"
},
{
"lessThan": "5.20.2",
"status": "affected",
"version": "5.20.x",
"versionType": "custom"
}
]
},
{
"product": "ICC15xx",
"vendor": "Bender / ebee",
"versions": [
{
"lessThan": "5.11.2",
"status": "affected",
"version": "5.11.x",
"versionType": "custom"
},
{
"lessThan": "5.12.5",
"status": "affected",
"version": "5.12.x",
"versionType": "custom"
},
{
"lessThan": "5.13.2",
"status": "affected",
"version": "5.13.x",
"versionType": "custom"
},
{
"lessThan": "5.20.2",
"status": "affected",
"version": "5.20.x",
"versionType": "custom"
}
]
},
{
"product": "ICC16xx",
"vendor": "Bender / ebee",
"versions": [
{
"lessThan": "5.11.2",
"status": "affected",
"version": "5.11.x",
"versionType": "custom"
},
{
"lessThan": "5.12.5",
"status": "affected",
"version": "5.12.x",
"versionType": "custom"
},
{
"lessThan": "5.13.2",
"status": "affected",
"version": "5.13.x",
"versionType": "custom"
},
{
"lessThan": "5.20.2",
"status": "affected",
"version": "5.20.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE."
}
],
"datePublic": "2022-04-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot ."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-425",
"description": "CWE-425 Direct Request (Forced Browsing)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-27T15:15:25",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-047"
}
],
"source": {
"advisory": "VDE-2021-047",
"defect": [
"CERT@VDE#64088"
],
"discovery": "EXTERNAL"
},
"title": "Bender Charge Controller: Unprotected data export",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-04-27T10:00:00.000Z",
"ID": "CVE-2021-34588",
"STATE": "PUBLIC",
"TITLE": "Bender Charge Controller: Unprotected data export"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CC612",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "\u003c",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "\u003c",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "\u003c",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "CC613",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "\u003c",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "\u003c",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "\u003c",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "ICC15xx",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "\u003c",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "\u003c",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "\u003c",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "ICC16xx",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "\u003c",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "\u003c",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "\u003c",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
}
]
},
"vendor_name": "Bender / ebee"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot ."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-425 Direct Request (Forced Browsing)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en/advisories/VDE-2021-047",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2021-047"
}
]
},
"source": {
"advisory": "VDE-2021-047",
"defect": [
"CERT@VDE#64088"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-34588",
"datePublished": "2022-04-27T15:15:25.652629Z",
"dateReserved": "2021-06-10T00:00:00",
"dateUpdated": "2024-09-16T21:07:21.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34602 (GCVE-0-2021-34602)
Vulnerability from cvelistv5
Published
2022-04-27 15:15
Modified
2024-09-17 01:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - OS Command Injection
Summary
In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields that are executed with root privileges.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Bender / ebee | CC612 |
Version: 5.11.x < 5.11.2 Version: 5.12.x < 5.12.5 Version: 5.13.x < 5.13.2 Version: 5.20.x < 5.20.2 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:47.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-047"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CC612",
"vendor": "Bender / ebee",
"versions": [
{
"lessThan": "5.11.2",
"status": "affected",
"version": "5.11.x",
"versionType": "custom"
},
{
"lessThan": "5.12.5",
"status": "affected",
"version": "5.12.x",
"versionType": "custom"
},
{
"lessThan": "5.13.2",
"status": "affected",
"version": "5.13.x",
"versionType": "custom"
},
{
"lessThan": "5.20.2",
"status": "affected",
"version": "5.20.x",
"versionType": "custom"
}
]
},
{
"product": "CC613",
"vendor": "Bender / ebee",
"versions": [
{
"lessThan": "5.11.2",
"status": "affected",
"version": "5.11.x",
"versionType": "custom"
},
{
"lessThan": "5.12.5",
"status": "affected",
"version": "5.12.x",
"versionType": "custom"
},
{
"lessThan": "5.13.2",
"status": "affected",
"version": "5.13.x",
"versionType": "custom"
},
{
"lessThan": "5.20.2",
"status": "affected",
"version": "5.20.x",
"versionType": "custom"
}
]
},
{
"product": "ICC15xx",
"vendor": "Bender / ebee",
"versions": [
{
"lessThan": "5.11.2",
"status": "affected",
"version": "5.11.x",
"versionType": "custom"
},
{
"lessThan": "5.12.5",
"status": "affected",
"version": "5.12.x",
"versionType": "custom"
},
{
"lessThan": "5.13.2",
"status": "affected",
"version": "5.13.x",
"versionType": "custom"
},
{
"lessThan": "5.20.2",
"status": "affected",
"version": "5.20.x",
"versionType": "custom"
}
]
},
{
"product": "ICC16xx",
"vendor": "Bender / ebee",
"versions": [
{
"lessThan": "5.11.2",
"status": "affected",
"version": "5.11.x",
"versionType": "custom"
},
{
"lessThan": "5.12.5",
"status": "affected",
"version": "5.12.x",
"versionType": "custom"
},
{
"lessThan": "5.13.2",
"status": "affected",
"version": "5.13.x",
"versionType": "custom"
},
{
"lessThan": "5.20.2",
"status": "affected",
"version": "5.20.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Bender thanks Qianxin StarV Security Lab, China. The issue was coordinated by CERT@VDE."
}
],
"datePublic": "2022-04-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields that are executed with root privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-27T15:15:34",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-047"
}
],
"source": {
"advisory": "VDE-2021-047",
"defect": [
"CERT@VDE#64027"
],
"discovery": "EXTERNAL"
},
"title": "Bender Charge Controller: Long URL could lead to webserver crash",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-04-27T10:00:00.000Z",
"ID": "CVE-2021-34602",
"STATE": "PUBLIC",
"TITLE": "Bender Charge Controller: Long URL could lead to webserver crash"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CC612",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "\u003c",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "\u003c",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "\u003c",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "CC613",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "\u003c",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "\u003c",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "\u003c",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "ICC15xx",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "\u003c",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "\u003c",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "\u003c",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "ICC16xx",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "\u003c",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "\u003c",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "\u003c",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
}
]
},
"vendor_name": "Bender / ebee"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Bender thanks Qianxin StarV Security Lab, China. The issue was coordinated by CERT@VDE."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields that are executed with root privileges."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en/advisories/VDE-2021-047",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2021-047"
}
]
},
"source": {
"advisory": "VDE-2021-047",
"defect": [
"CERT@VDE#64027"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-34602",
"datePublished": "2022-04-27T15:15:34.774811Z",
"dateReserved": "2021-06-10T00:00:00",
"dateUpdated": "2024-09-17T01:46:57.289Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34590 (GCVE-0-2021-34590)
Vulnerability from cvelistv5
Published
2022-04-27 15:15
Modified
2024-09-16 22:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (XSS)
Summary
In Bender/ebee Charge Controllers in multiple versions are prone to Cross-site Scripting. An authenticated attacker could write HTML Code into configuration values. These values are not properly escaped when displayed.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Bender / ebee | CC612 |
Version: 5.11.x < 5.11.2 Version: 5.12.x < 5.12.5 Version: 5.13.x < 5.13.2 Version: 5.20.x < 5.20.2 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:46.929Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-047"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CC612",
"vendor": "Bender / ebee",
"versions": [
{
"lessThan": "5.11.2",
"status": "affected",
"version": "5.11.x",
"versionType": "custom"
},
{
"lessThan": "5.12.5",
"status": "affected",
"version": "5.12.x",
"versionType": "custom"
},
{
"lessThan": "5.13.2",
"status": "affected",
"version": "5.13.x",
"versionType": "custom"
},
{
"lessThan": "5.20.2",
"status": "affected",
"version": "5.20.x",
"versionType": "custom"
}
]
},
{
"product": "CC613",
"vendor": "Bender / ebee",
"versions": [
{
"lessThan": "5.11.2",
"status": "affected",
"version": "5.11.x",
"versionType": "custom"
},
{
"lessThan": "5.12.5",
"status": "affected",
"version": "5.12.x",
"versionType": "custom"
},
{
"lessThan": "5.13.2",
"status": "affected",
"version": "5.13.x",
"versionType": "custom"
},
{
"lessThan": "5.20.2",
"status": "affected",
"version": "5.20.x",
"versionType": "custom"
}
]
},
{
"product": "ICC15xx",
"vendor": "Bender / ebee",
"versions": [
{
"lessThan": "5.11.2",
"status": "affected",
"version": "5.11.x",
"versionType": "custom"
},
{
"lessThan": "5.12.5",
"status": "affected",
"version": "5.12.x",
"versionType": "custom"
},
{
"lessThan": "5.13.2",
"status": "affected",
"version": "5.13.x",
"versionType": "custom"
},
{
"lessThan": "5.20.2",
"status": "affected",
"version": "5.20.x",
"versionType": "custom"
}
]
},
{
"product": "ICC16xx",
"vendor": "Bender / ebee",
"versions": [
{
"lessThan": "5.11.2",
"status": "affected",
"version": "5.11.x",
"versionType": "custom"
},
{
"lessThan": "5.12.5",
"status": "affected",
"version": "5.12.x",
"versionType": "custom"
},
{
"lessThan": "5.13.2",
"status": "affected",
"version": "5.13.x",
"versionType": "custom"
},
{
"lessThan": "5.20.2",
"status": "affected",
"version": "5.20.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE."
}
],
"datePublic": "2022-04-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Bender/ebee Charge Controllers in multiple versions are prone to Cross-site Scripting. An authenticated attacker could write HTML Code into configuration values. These values are not properly escaped when displayed."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-27T15:15:28",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-047"
}
],
"source": {
"advisory": "VDE-2021-047",
"defect": [
"CERT@VDE#64088"
],
"discovery": "EXTERNAL"
},
"title": "Bender Charge Controller: Cross-site Scripting",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-04-27T10:00:00.000Z",
"ID": "CVE-2021-34590",
"STATE": "PUBLIC",
"TITLE": "Bender Charge Controller: Cross-site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CC612",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "\u003c",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "\u003c",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "\u003c",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "CC613",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "\u003c",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "\u003c",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "\u003c",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "ICC15xx",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "\u003c",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "\u003c",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "\u003c",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "ICC16xx",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "\u003c",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "\u003c",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "\u003c",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
}
]
},
"vendor_name": "Bender / ebee"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Bender/ebee Charge Controllers in multiple versions are prone to Cross-site Scripting. An authenticated attacker could write HTML Code into configuration values. These values are not properly escaped when displayed."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en/advisories/VDE-2021-047",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2021-047"
}
]
},
"source": {
"advisory": "VDE-2021-047",
"defect": [
"CERT@VDE#64088"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-34590",
"datePublished": "2022-04-27T15:15:28.655810Z",
"dateReserved": "2021-06-10T00:00:00",
"dateUpdated": "2024-09-16T22:01:39.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}