Vulnerabilities related to bender - icc15xx_firmware
Vulnerability from fkie_nvd
Published
2022-04-27 16:15
Modified
2024-11-21 06:10
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Bender/ebee Charge Controllers in multiple versions are prone to hardcoded credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded SSH credentials. An attacker may use the password to gain administrative access to the web UI.
References
▶ | URL | Tags | |
---|---|---|---|
info@cert.vde.com | https://cert.vde.com/en/advisories/VDE-2021-047 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en/advisories/VDE-2021-047 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
bender | cc612_firmware | * | |
bender | cc612_firmware | * | |
bender | cc612_firmware | * | |
bender | cc612_firmware | * | |
bender | cc612 | - | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | cc613 | - | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | cc613 | - | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | cc613 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "81AED2C8-71EE-4BFC-949C-D63F998CD1ED", "versionEndExcluding": "5.11.2", "versionStartIncluding": "5.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "609125CC-4748-4507-8CF2-1752FF89B203", "versionEndExcluding": "5.12.5", "versionStartIncluding": "5.12.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6FEC2C0-7F12-434A-9070-9A0F19379D25", "versionEndExcluding": "5.13.2", "versionStartIncluding": "5.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E80EBD0C-D852-4EF7-B0EA-89124683939C", "versionEndExcluding": "5.20.2", "versionStartIncluding": "5.20.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:bender:cc612:-:*:*:*:*:*:*:*", "matchCriteriaId": "9B48F3A5-C59D-40B6-ADBB-76FA536C78FE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B078039-C644-42DE-8122-300415D69854", "versionEndExcluding": "5.11.2", "versionStartIncluding": "5.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D687057F-58C9-4463-BEF2-BE4CA428F9AD", "versionEndExcluding": "5.12.5", "versionStartIncluding": "5.12.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "88D208BE-6401-489E-BBE7-1ABBEB14CF52", "versionEndExcluding": "5.13.2", "versionStartIncluding": "5.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B36AF92-1F52-45AA-BAAF-0D94EB0B2FF2", "versionEndExcluding": "5.20.2", 
"versionStartIncluding": "5.20.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:bender:cc613:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FEFDDEB-23FB-474C-9A91-EDA35837D34B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B078039-C644-42DE-8122-300415D69854", "versionEndExcluding": "5.11.2", "versionStartIncluding": "5.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D687057F-58C9-4463-BEF2-BE4CA428F9AD", "versionEndExcluding": "5.12.5", "versionStartIncluding": "5.12.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "88D208BE-6401-489E-BBE7-1ABBEB14CF52", "versionEndExcluding": "5.13.2", "versionStartIncluding": "5.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B36AF92-1F52-45AA-BAAF-0D94EB0B2FF2", "versionEndExcluding": "5.20.2", "versionStartIncluding": "5.20.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:bender:cc613:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FEFDDEB-23FB-474C-9A91-EDA35837D34B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B078039-C644-42DE-8122-300415D69854", "versionEndExcluding": "5.11.2", "versionStartIncluding": "5.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D687057F-58C9-4463-BEF2-BE4CA428F9AD", "versionEndExcluding": "5.12.5", "versionStartIncluding": "5.12.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", 
"matchCriteriaId": "88D208BE-6401-489E-BBE7-1ABBEB14CF52", "versionEndExcluding": "5.13.2", "versionStartIncluding": "5.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B36AF92-1F52-45AA-BAAF-0D94EB0B2FF2", "versionEndExcluding": "5.20.2", "versionStartIncluding": "5.20.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:bender:cc613:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FEFDDEB-23FB-474C-9A91-EDA35837D34B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded ssh credentials. An attacker may use the password to gain administrative access to the web-UI." }, { "lang": "es", "value": "En los controladores de carga Bender/ebee en m\u00faltiples versiones son propensos a Credenciales Embebidas. El controlador de carga CC612 de Bender en la versi\u00f3n 5.20.1 e inferior es propenso a credenciales ssh embebidas. 
Un atacante puede usar la contrase\u00f1a para conseguir acceso administrativo a la web-UI" } ], "id": "CVE-2021-34601", "lastModified": "2024-11-21T06:10:47.640", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "info@cert.vde.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-04-27T16:15:11.207", "references": [ { "source": "info@cert.vde.com", "tags": [ "Vendor Advisory" ], "url": "https://cert.vde.com/en/advisories/VDE-2021-047" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"https://cert.vde.com/en/advisories/VDE-2021-047" } ], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-259" } ], "source": "info@cert.vde.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-798" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-04-27 16:15
Modified
2024-11-21 06:10
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Bender/ebee Charge Controllers in multiple versions are prone to command injection via the web interface. An authenticated attacker could enter shell commands into some input fields.
References
▶ | URL | Tags | |
---|---|---|---|
info@cert.vde.com | https://cert.vde.com/en/advisories/VDE-2021-047 | Not Applicable, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en/advisories/VDE-2021-047 | Not Applicable, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
bender | cc612_firmware | * | |
bender | cc612_firmware | * | |
bender | cc612_firmware | * | |
bender | cc612_firmware | * | |
bender | cc612 | - | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | cc613 | - | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | cc613 | - | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | cc613 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "81AED2C8-71EE-4BFC-949C-D63F998CD1ED", "versionEndExcluding": "5.11.2", "versionStartIncluding": "5.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "609125CC-4748-4507-8CF2-1752FF89B203", "versionEndExcluding": "5.12.5", "versionStartIncluding": "5.12.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6FEC2C0-7F12-434A-9070-9A0F19379D25", "versionEndExcluding": "5.13.2", "versionStartIncluding": "5.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E80EBD0C-D852-4EF7-B0EA-89124683939C", "versionEndExcluding": "5.20.2", "versionStartIncluding": "5.20.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:bender:cc612:-:*:*:*:*:*:*:*", "matchCriteriaId": "9B48F3A5-C59D-40B6-ADBB-76FA536C78FE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B078039-C644-42DE-8122-300415D69854", "versionEndExcluding": "5.11.2", "versionStartIncluding": "5.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D687057F-58C9-4463-BEF2-BE4CA428F9AD", "versionEndExcluding": "5.12.5", "versionStartIncluding": "5.12.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "88D208BE-6401-489E-BBE7-1ABBEB14CF52", "versionEndExcluding": "5.13.2", "versionStartIncluding": "5.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B36AF92-1F52-45AA-BAAF-0D94EB0B2FF2", "versionEndExcluding": "5.20.2", 
"versionStartIncluding": "5.20.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:bender:cc613:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FEFDDEB-23FB-474C-9A91-EDA35837D34B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B078039-C644-42DE-8122-300415D69854", "versionEndExcluding": "5.11.2", "versionStartIncluding": "5.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D687057F-58C9-4463-BEF2-BE4CA428F9AD", "versionEndExcluding": "5.12.5", "versionStartIncluding": "5.12.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "88D208BE-6401-489E-BBE7-1ABBEB14CF52", "versionEndExcluding": "5.13.2", "versionStartIncluding": "5.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B36AF92-1F52-45AA-BAAF-0D94EB0B2FF2", "versionEndExcluding": "5.20.2", "versionStartIncluding": "5.20.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:bender:cc613:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FEFDDEB-23FB-474C-9A91-EDA35837D34B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B078039-C644-42DE-8122-300415D69854", "versionEndExcluding": "5.11.2", "versionStartIncluding": "5.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D687057F-58C9-4463-BEF2-BE4CA428F9AD", "versionEndExcluding": "5.12.5", "versionStartIncluding": "5.12.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", 
"matchCriteriaId": "88D208BE-6401-489E-BBE7-1ABBEB14CF52", "versionEndExcluding": "5.13.2", "versionStartIncluding": "5.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B36AF92-1F52-45AA-BAAF-0D94EB0B2FF2", "versionEndExcluding": "5.20.2", "versionStartIncluding": "5.20.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:bender:cc613:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FEFDDEB-23FB-474C-9A91-EDA35837D34B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields." }, { "lang": "es", "value": "En los controladores de carga Bender/ebee en m\u00faltiples versiones son propensos a la inyecci\u00f3n de comandos por medio de la interfaz Web. 
Un atacante autenticado podr\u00eda introducir comandos de shell en algunos campos de entrada" } ], "id": "CVE-2021-34592", "lastModified": "2024-11-21T06:10:46.420", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "info@cert.vde.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-04-27T16:15:11.143", "references": [ { "source": "info@cert.vde.com", "tags": [ "Not Applicable", "Vendor Advisory" ], "url": "https://cert.vde.com/en/advisories/VDE-2021-047" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable", "Vendor Advisory" ], 
"url": "https://cert.vde.com/en/advisories/VDE-2021-047" } ], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "info@cert.vde.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-04-27 16:15
Modified
2024-11-21 06:10
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Summary
Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot, which leaves the export unprotected until a user next logs in.
References
▶ | URL | Tags | |
---|---|---|---|
info@cert.vde.com | https://cert.vde.com/en/advisories/VDE-2021-047 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en/advisories/VDE-2021-047 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
bender | cc612_firmware | * | |
bender | cc612_firmware | * | |
bender | cc612_firmware | * | |
bender | cc612_firmware | * | |
bender | cc612 | - | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | cc613 | - | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | cc613 | - | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | cc613 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "81AED2C8-71EE-4BFC-949C-D63F998CD1ED", "versionEndExcluding": "5.11.2", "versionStartIncluding": "5.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "609125CC-4748-4507-8CF2-1752FF89B203", "versionEndExcluding": "5.12.5", "versionStartIncluding": "5.12.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6FEC2C0-7F12-434A-9070-9A0F19379D25", "versionEndExcluding": "5.13.2", "versionStartIncluding": "5.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E80EBD0C-D852-4EF7-B0EA-89124683939C", "versionEndExcluding": "5.20.2", "versionStartIncluding": "5.20.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:bender:cc612:-:*:*:*:*:*:*:*", "matchCriteriaId": "9B48F3A5-C59D-40B6-ADBB-76FA536C78FE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B078039-C644-42DE-8122-300415D69854", "versionEndExcluding": "5.11.2", "versionStartIncluding": "5.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D687057F-58C9-4463-BEF2-BE4CA428F9AD", "versionEndExcluding": "5.12.5", "versionStartIncluding": "5.12.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "88D208BE-6401-489E-BBE7-1ABBEB14CF52", "versionEndExcluding": "5.13.2", "versionStartIncluding": "5.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B36AF92-1F52-45AA-BAAF-0D94EB0B2FF2", "versionEndExcluding": "5.20.2", 
"versionStartIncluding": "5.20.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:bender:cc613:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FEFDDEB-23FB-474C-9A91-EDA35837D34B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B078039-C644-42DE-8122-300415D69854", "versionEndExcluding": "5.11.2", "versionStartIncluding": "5.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D687057F-58C9-4463-BEF2-BE4CA428F9AD", "versionEndExcluding": "5.12.5", "versionStartIncluding": "5.12.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "88D208BE-6401-489E-BBE7-1ABBEB14CF52", "versionEndExcluding": "5.13.2", "versionStartIncluding": "5.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B36AF92-1F52-45AA-BAAF-0D94EB0B2FF2", "versionEndExcluding": "5.20.2", "versionStartIncluding": "5.20.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:bender:cc613:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FEFDDEB-23FB-474C-9A91-EDA35837D34B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B078039-C644-42DE-8122-300415D69854", "versionEndExcluding": "5.11.2", "versionStartIncluding": "5.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D687057F-58C9-4463-BEF2-BE4CA428F9AD", "versionEndExcluding": "5.12.5", "versionStartIncluding": "5.12.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", 
"matchCriteriaId": "88D208BE-6401-489E-BBE7-1ABBEB14CF52", "versionEndExcluding": "5.13.2", "versionStartIncluding": "5.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B36AF92-1F52-45AA-BAAF-0D94EB0B2FF2", "versionEndExcluding": "5.20.2", "versionStartIncluding": "5.20.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:bender:cc613:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FEFDDEB-23FB-474C-9A91-EDA35837D34B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot ." }, { "lang": "es", "value": "En los Controladores de Carga Bender/ebee en m\u00faltiples versiones son propensos a una exportaci\u00f3n de datos sin protecci\u00f3n. La exportaci\u00f3n de copias de seguridad est\u00e1 protegida por medio de una clave aleatoria. La clave es establecida en el inicio de sesi\u00f3n del usuario. 
Est\u00e1 vac\u00eda despu\u00e9s de reiniciar" } ], "id": "CVE-2021-34588", "lastModified": "2024-11-21T06:10:45.817", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "info@cert.vde.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-04-27T16:15:10.870", "references": [ { "source": "info@cert.vde.com", "tags": [ "Third Party Advisory" ], "url": "https://cert.vde.com/en/advisories/VDE-2021-047" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://cert.vde.com/en/advisories/VDE-2021-047" } ], "sourceIdentifier": 
"info@cert.vde.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-425" } ], "source": "info@cert.vde.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-04-27 16:15
Modified
2024-11-21 06:10
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Bender/ebee Charge Controllers in multiple versions are prone to an RFID leak. The RFID of the last charge event can be read without authentication via the web interface.
References
▶ | URL | Tags | |
---|---|---|---|
info@cert.vde.com | https://cert.vde.com/en/advisories/VDE-2021-047 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en/advisories/VDE-2021-047 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
bender | cc612_firmware | * | |
bender | cc612_firmware | * | |
bender | cc612_firmware | * | |
bender | cc612_firmware | * | |
bender | cc612 | - | |
bender | cc613_firmware | * | |
bender | cc613_firmware | * | |
bender | cc613_firmware | * | |
bender | icc613_firmware | * | |
bender | cc613 | - | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | icc15xx | - | |
bender | icc16xx_firmware | * | |
bender | icc16xx_firmware | * | |
bender | icc16xx_firmware | * | |
bender | icc16xx_firmware | * | |
bender | icc16xx | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "81AED2C8-71EE-4BFC-949C-D63F998CD1ED", "versionEndExcluding": "5.11.2", "versionStartIncluding": "5.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "609125CC-4748-4507-8CF2-1752FF89B203", "versionEndExcluding": "5.12.5", "versionStartIncluding": "5.12.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6FEC2C0-7F12-434A-9070-9A0F19379D25", "versionEndExcluding": "5.13.2", "versionStartIncluding": "5.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E80EBD0C-D852-4EF7-B0EA-89124683939C", "versionEndExcluding": "5.20.2", "versionStartIncluding": "5.20.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:bender:cc612:-:*:*:*:*:*:*:*", "matchCriteriaId": "9B48F3A5-C59D-40B6-ADBB-76FA536C78FE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:bender:cc613_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "51E236CF-B4BA-4A59-BBA5-4A8DED0B1BE9", "versionEndExcluding": "5.11.2", "versionStartIncluding": "5.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:cc613_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "ABC385CD-C199-4E6C-A3E1-D0A5A140A52A", "versionEndExcluding": "5.13.2", "versionStartIncluding": "5.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:cc613_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1501D9BB-A77D-42A0-9960-27F985922D08", "versionEndExcluding": "5.20.2", "versionStartIncluding": "5.20.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc613_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F15ABD33-FEA6-4EF4-9BED-D4FE069473C6", "versionEndExcluding": "5.12.5", 
"versionStartIncluding": "5.12.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:bender:cc613:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FEFDDEB-23FB-474C-9A91-EDA35837D34B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B078039-C644-42DE-8122-300415D69854", "versionEndExcluding": "5.11.2", "versionStartIncluding": "5.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D687057F-58C9-4463-BEF2-BE4CA428F9AD", "versionEndExcluding": "5.12.5", "versionStartIncluding": "5.12.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "88D208BE-6401-489E-BBE7-1ABBEB14CF52", "versionEndExcluding": "5.13.2", "versionStartIncluding": "5.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B36AF92-1F52-45AA-BAAF-0D94EB0B2FF2", "versionEndExcluding": "5.20.2", "versionStartIncluding": "5.20.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:bender:icc15xx:-:*:*:*:*:*:*:*", "matchCriteriaId": "2C449A16-8C53-46CB-AAAC-E42B41575309", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:bender:icc16xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6070DAAF-CB0D-485F-8CA7-3EC9485441B7", "versionEndExcluding": "5.11.2", "versionStartIncluding": "5.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc16xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "97D5D5D9-81DE-4987-8CC0-35591F23181B", "versionEndExcluding": "5.12.5", "versionStartIncluding": "5.12.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc16xx_firmware:*:*:*:*:*:*:*:*", 
"matchCriteriaId": "DEB49335-8FD8-451C-8D0B-7835983E0DFE", "versionEndExcluding": "5.13.2", "versionStartIncluding": "5.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc16xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9BE60DCB-35EA-47F1-9F60-4FFA275090AD", "versionEndExcluding": "5.20.2", "versionStartIncluding": "5.20.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:bender:icc16xx:-:*:*:*:*:*:*:*", "matchCriteriaId": "B96EF215-8AD0-4076-8CBA-E6FA8F21A38E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Bender/ebee Charge Controllers in multiple versions are prone to an RFID leak. The RFID of the last charge event can be read without authentication via the web interface." }, { "lang": "es", "value": "En los controladores de carga Bender/ebee en m\u00faltiples versiones son propensos a un filtrado de RFID. El RFID del \u00faltimo evento de carga puede ser le\u00eddo sin autenticaci\u00f3n por medio de la interfaz web" } ], "id": "CVE-2021-34589", "lastModified": "2024-11-21T06:10:45.953", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": 
"NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "info@cert.vde.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-04-27T16:15:10.953", "references": [ { "source": "info@cert.vde.com", "tags": [ "Vendor Advisory" ], "url": "https://cert.vde.com/en/advisories/VDE-2021-047" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://cert.vde.com/en/advisories/VDE-2021-047" } ], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "info@cert.vde.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-04-27 16:15
Modified
2024-11-21 06:10
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Bender/ebee Charge Controllers in multiple versions are prone to Cross-site Scripting. An authenticated attacker could write HTML code into configuration values. These values are not properly escaped when displayed.
References
▶ | URL | Tags | |
---|---|---|---|
info@cert.vde.com | https://cert.vde.com/en/advisories/VDE-2021-047 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en/advisories/VDE-2021-047 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
bender | cc612_firmware | * | |
bender | cc612_firmware | * | |
bender | cc612_firmware | * | |
bender | cc612_firmware | * | |
bender | cc612 | - | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | cc613 | - | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | cc613 | - | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | cc613 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "81AED2C8-71EE-4BFC-949C-D63F998CD1ED", "versionEndExcluding": "5.11.2", "versionStartIncluding": "5.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "609125CC-4748-4507-8CF2-1752FF89B203", "versionEndExcluding": "5.12.5", "versionStartIncluding": "5.12.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6FEC2C0-7F12-434A-9070-9A0F19379D25", "versionEndExcluding": "5.13.2", "versionStartIncluding": "5.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E80EBD0C-D852-4EF7-B0EA-89124683939C", "versionEndExcluding": "5.20.2", "versionStartIncluding": "5.20.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:bender:cc612:-:*:*:*:*:*:*:*", "matchCriteriaId": "9B48F3A5-C59D-40B6-ADBB-76FA536C78FE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B078039-C644-42DE-8122-300415D69854", "versionEndExcluding": "5.11.2", "versionStartIncluding": "5.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D687057F-58C9-4463-BEF2-BE4CA428F9AD", "versionEndExcluding": "5.12.5", "versionStartIncluding": "5.12.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "88D208BE-6401-489E-BBE7-1ABBEB14CF52", "versionEndExcluding": "5.13.2", "versionStartIncluding": "5.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B36AF92-1F52-45AA-BAAF-0D94EB0B2FF2", "versionEndExcluding": "5.20.2", 
"versionStartIncluding": "5.20.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:bender:cc613:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FEFDDEB-23FB-474C-9A91-EDA35837D34B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B078039-C644-42DE-8122-300415D69854", "versionEndExcluding": "5.11.2", "versionStartIncluding": "5.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D687057F-58C9-4463-BEF2-BE4CA428F9AD", "versionEndExcluding": "5.12.5", "versionStartIncluding": "5.12.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "88D208BE-6401-489E-BBE7-1ABBEB14CF52", "versionEndExcluding": "5.13.2", "versionStartIncluding": "5.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B36AF92-1F52-45AA-BAAF-0D94EB0B2FF2", "versionEndExcluding": "5.20.2", "versionStartIncluding": "5.20.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:bender:cc613:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FEFDDEB-23FB-474C-9A91-EDA35837D34B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B078039-C644-42DE-8122-300415D69854", "versionEndExcluding": "5.11.2", "versionStartIncluding": "5.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D687057F-58C9-4463-BEF2-BE4CA428F9AD", "versionEndExcluding": "5.12.5", "versionStartIncluding": "5.12.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", 
"matchCriteriaId": "88D208BE-6401-489E-BBE7-1ABBEB14CF52", "versionEndExcluding": "5.13.2", "versionStartIncluding": "5.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B36AF92-1F52-45AA-BAAF-0D94EB0B2FF2", "versionEndExcluding": "5.20.2", "versionStartIncluding": "5.20.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:bender:cc613:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FEFDDEB-23FB-474C-9A91-EDA35837D34B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Bender/ebee Charge Controllers in multiple versions are prone to Cross-site Scripting. An authenticated attacker could write HTML Code into configuration values. These values are not properly escaped when displayed." }, { "lang": "es", "value": "En los controladores de carga Bender/ebee en m\u00faltiples versiones son propensos a un ataque de tipo Cross-site Scripting. Un atacante autenticado podr\u00eda escribir c\u00f3digo HTML en los valores de configuraci\u00f3n. 
Estos valores no son escapados apropiadamente cuando son mostrados" } ], "id": "CVE-2021-34590", "lastModified": "2024-11-21T06:10:46.093", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "info@cert.vde.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-04-27T16:15:11.017", "references": [ { "source": "info@cert.vde.com", "tags": [ "Vendor Advisory" ], "url": "https://cert.vde.com/en/advisories/VDE-2021-047" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://cert.vde.com/en/advisories/VDE-2021-047" } ], 
"sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "info@cert.vde.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-04-27 16:15
Modified
2024-11-21 06:10
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Bender/ebee Charge Controllers in multiple versions are prone to command injection via the web interface. An authenticated attacker could enter shell commands into some input fields, and these commands are executed with root privileges.
References
▶ | URL | Tags | |
---|---|---|---|
info@cert.vde.com | https://cert.vde.com/en/advisories/VDE-2021-047 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en/advisories/VDE-2021-047 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
bender | cc612_firmware | * | |
bender | cc612_firmware | * | |
bender | cc612_firmware | * | |
bender | cc612_firmware | * | |
bender | cc612 | - | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | cc613 | - | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | cc613 | - | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | cc613 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "81AED2C8-71EE-4BFC-949C-D63F998CD1ED", "versionEndExcluding": "5.11.2", "versionStartIncluding": "5.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "609125CC-4748-4507-8CF2-1752FF89B203", "versionEndExcluding": "5.12.5", "versionStartIncluding": "5.12.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6FEC2C0-7F12-434A-9070-9A0F19379D25", "versionEndExcluding": "5.13.2", "versionStartIncluding": "5.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E80EBD0C-D852-4EF7-B0EA-89124683939C", "versionEndExcluding": "5.20.2", "versionStartIncluding": "5.20.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:bender:cc612:-:*:*:*:*:*:*:*", "matchCriteriaId": "9B48F3A5-C59D-40B6-ADBB-76FA536C78FE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B078039-C644-42DE-8122-300415D69854", "versionEndExcluding": "5.11.2", "versionStartIncluding": "5.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D687057F-58C9-4463-BEF2-BE4CA428F9AD", "versionEndExcluding": "5.12.5", "versionStartIncluding": "5.12.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "88D208BE-6401-489E-BBE7-1ABBEB14CF52", "versionEndExcluding": "5.13.2", "versionStartIncluding": "5.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B36AF92-1F52-45AA-BAAF-0D94EB0B2FF2", "versionEndExcluding": "5.20.2", 
"versionStartIncluding": "5.20.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:bender:cc613:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FEFDDEB-23FB-474C-9A91-EDA35837D34B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B078039-C644-42DE-8122-300415D69854", "versionEndExcluding": "5.11.2", "versionStartIncluding": "5.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D687057F-58C9-4463-BEF2-BE4CA428F9AD", "versionEndExcluding": "5.12.5", "versionStartIncluding": "5.12.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "88D208BE-6401-489E-BBE7-1ABBEB14CF52", "versionEndExcluding": "5.13.2", "versionStartIncluding": "5.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B36AF92-1F52-45AA-BAAF-0D94EB0B2FF2", "versionEndExcluding": "5.20.2", "versionStartIncluding": "5.20.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:bender:cc613:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FEFDDEB-23FB-474C-9A91-EDA35837D34B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B078039-C644-42DE-8122-300415D69854", "versionEndExcluding": "5.11.2", "versionStartIncluding": "5.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D687057F-58C9-4463-BEF2-BE4CA428F9AD", "versionEndExcluding": "5.12.5", "versionStartIncluding": "5.12.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", 
"matchCriteriaId": "88D208BE-6401-489E-BBE7-1ABBEB14CF52", "versionEndExcluding": "5.13.2", "versionStartIncluding": "5.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B36AF92-1F52-45AA-BAAF-0D94EB0B2FF2", "versionEndExcluding": "5.20.2", "versionStartIncluding": "5.20.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:bender:cc613:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FEFDDEB-23FB-474C-9A91-EDA35837D34B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields that are executed with root privileges." }, { "lang": "es", "value": "En los controladores de carga Bender/ebee en m\u00faltiples versiones son propensos a la inyecci\u00f3n de comandos por medio de la interfaz web. 
Un atacante autenticado podr\u00eda introducir comandos de shell en algunos campos de entrada que son ejecutados con privilegios root" } ], "id": "CVE-2021-34602", "lastModified": "2024-11-21T06:10:47.783", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "info@cert.vde.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-04-27T16:15:11.267", "references": [ { "source": "info@cert.vde.com", "tags": [ "Vendor Advisory" ], "url": "https://cert.vde.com/en/advisories/VDE-2021-047" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], 
"url": "https://cert.vde.com/en/advisories/VDE-2021-047" } ], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "info@cert.vde.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-04-27 16:15
Modified
2024-11-21 06:10
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Bender/ebee Charge Controllers in multiple versions are prone to local privilege escalation. An authenticated attacker could get root access via the suid applications socat, ip udhcpc and ifplugd.
References
▶ | URL | Tags | |
---|---|---|---|
info@cert.vde.com | https://cert.vde.com/en/advisories/VDE-2021-047 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en/advisories/VDE-2021-047 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
bender | cc612_firmware | * | |
bender | cc612_firmware | * | |
bender | cc612_firmware | * | |
bender | cc612_firmware | * | |
bender | cc612 | - | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | cc613 | - | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | cc613 | - | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | icc15xx_firmware | * | |
bender | cc613 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "81AED2C8-71EE-4BFC-949C-D63F998CD1ED", "versionEndExcluding": "5.11.2", "versionStartIncluding": "5.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "609125CC-4748-4507-8CF2-1752FF89B203", "versionEndExcluding": "5.12.5", "versionStartIncluding": "5.12.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6FEC2C0-7F12-434A-9070-9A0F19379D25", "versionEndExcluding": "5.13.2", "versionStartIncluding": "5.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E80EBD0C-D852-4EF7-B0EA-89124683939C", "versionEndExcluding": "5.20.2", "versionStartIncluding": "5.20.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:bender:cc612:-:*:*:*:*:*:*:*", "matchCriteriaId": "9B48F3A5-C59D-40B6-ADBB-76FA536C78FE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B078039-C644-42DE-8122-300415D69854", "versionEndExcluding": "5.11.2", "versionStartIncluding": "5.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D687057F-58C9-4463-BEF2-BE4CA428F9AD", "versionEndExcluding": "5.12.5", "versionStartIncluding": "5.12.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "88D208BE-6401-489E-BBE7-1ABBEB14CF52", "versionEndExcluding": "5.13.2", "versionStartIncluding": "5.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B36AF92-1F52-45AA-BAAF-0D94EB0B2FF2", "versionEndExcluding": "5.20.2", 
"versionStartIncluding": "5.20.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:bender:cc613:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FEFDDEB-23FB-474C-9A91-EDA35837D34B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B078039-C644-42DE-8122-300415D69854", "versionEndExcluding": "5.11.2", "versionStartIncluding": "5.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D687057F-58C9-4463-BEF2-BE4CA428F9AD", "versionEndExcluding": "5.12.5", "versionStartIncluding": "5.12.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "88D208BE-6401-489E-BBE7-1ABBEB14CF52", "versionEndExcluding": "5.13.2", "versionStartIncluding": "5.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B36AF92-1F52-45AA-BAAF-0D94EB0B2FF2", "versionEndExcluding": "5.20.2", "versionStartIncluding": "5.20.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:bender:cc613:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FEFDDEB-23FB-474C-9A91-EDA35837D34B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B078039-C644-42DE-8122-300415D69854", "versionEndExcluding": "5.11.2", "versionStartIncluding": "5.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D687057F-58C9-4463-BEF2-BE4CA428F9AD", "versionEndExcluding": "5.12.5", "versionStartIncluding": "5.12.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", 
"matchCriteriaId": "88D208BE-6401-489E-BBE7-1ABBEB14CF52", "versionEndExcluding": "5.13.2", "versionStartIncluding": "5.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B36AF92-1F52-45AA-BAAF-0D94EB0B2FF2", "versionEndExcluding": "5.20.2", "versionStartIncluding": "5.20.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:bender:cc613:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FEFDDEB-23FB-474C-9A91-EDA35837D34B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Bender/ebee Charge Controllers in multiple versions are prone to Local privilege Escalation. An authenticated attacker could get root access via the suid applications socat, ip udhcpc and ifplugd." }, { "lang": "es", "value": "En los controladores de carga Bender/ebee en m\u00faltiples versiones son propensos a una escalada de privilegios local. 
Un atacante autenticado podr\u00eda obtener acceso de root por medio de las aplicaciones suid socat, ip udhcpc e ifplugd" } ], "id": "CVE-2021-34591", "lastModified": "2024-11-21T06:10:46.233", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "info@cert.vde.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-04-27T16:15:11.083", "references": [ { "source": "info@cert.vde.com", "tags": [ "Vendor Advisory" ], "url": "https://cert.vde.com/en/advisories/VDE-2021-047" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"https://cert.vde.com/en/advisories/VDE-2021-047" } ], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-250" } ], "source": "info@cert.vde.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-04-27 16:15
Modified
2024-11-21 06:10
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
In Bender/ebee Charge Controllers in multiple versions, a long URL could lead to a webserver crash. The URL is passed as input to an sprintf call that writes into a stack variable.
References
▶ | URL | Tags | |
---|---|---|---|
info@cert.vde.com | https://cert.vde.com/en/advisories/VDE-2021-047 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en/advisories/VDE-2021-047 | Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:_ibm_rational_lifecycle_integration_adapter_for_windchill:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "CCBEC040-9566-45BE-9D03-D1E1A5762AAB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "81AED2C8-71EE-4BFC-949C-D63F998CD1ED", "versionEndExcluding": "5.11.2", "versionStartIncluding": "5.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "609125CC-4748-4507-8CF2-1752FF89B203", "versionEndExcluding": "5.12.5", "versionStartIncluding": "5.12.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6FEC2C0-7F12-434A-9070-9A0F19379D25", "versionEndExcluding": "5.13.2", "versionStartIncluding": "5.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E80EBD0C-D852-4EF7-B0EA-89124683939C", "versionEndExcluding": "5.20.2", "versionStartIncluding": "5.20.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:bender:cc612:-:*:*:*:*:*:*:*", "matchCriteriaId": "9B48F3A5-C59D-40B6-ADBB-76FA536C78FE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:bender:cc613_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "51E236CF-B4BA-4A59-BBA5-4A8DED0B1BE9", "versionEndExcluding": "5.11.2", "versionStartIncluding": "5.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:cc613_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "651C5E8E-C1CE-4C03-BE87-C8CC0E988217", "versionEndExcluding": "5.12.5", "versionStartIncluding": "5.12.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:cc613_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": 
"ABC385CD-C199-4E6C-A3E1-D0A5A140A52A", "versionEndExcluding": "5.13.2", "versionStartIncluding": "5.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:cc613_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1501D9BB-A77D-42A0-9960-27F985922D08", "versionEndExcluding": "5.20.2", "versionStartIncluding": "5.20.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:bender:cc613:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FEFDDEB-23FB-474C-9A91-EDA35837D34B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B078039-C644-42DE-8122-300415D69854", "versionEndExcluding": "5.11.2", "versionStartIncluding": "5.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D687057F-58C9-4463-BEF2-BE4CA428F9AD", "versionEndExcluding": "5.12.5", "versionStartIncluding": "5.12.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "88D208BE-6401-489E-BBE7-1ABBEB14CF52", "versionEndExcluding": "5.13.2", "versionStartIncluding": "5.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B36AF92-1F52-45AA-BAAF-0D94EB0B2FF2", "versionEndExcluding": "5.20.2", "versionStartIncluding": "5.20.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:bender:icc15xx:-:*:*:*:*:*:*:*", "matchCriteriaId": "2C449A16-8C53-46CB-AAAC-E42B41575309", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:bender:icc16xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6070DAAF-CB0D-485F-8CA7-3EC9485441B7", "versionEndExcluding": "5.11.2", "versionStartIncluding": "5.11.0", "vulnerable": true }, { 
"criteria": "cpe:2.3:o:bender:icc16xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "97D5D5D9-81DE-4987-8CC0-35591F23181B", "versionEndExcluding": "5.12.5", "versionStartIncluding": "5.12.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc16xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DEB49335-8FD8-451C-8D0B-7835983E0DFE", "versionEndExcluding": "5.13.2", "versionStartIncluding": "5.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:bender:icc16xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9BE60DCB-35EA-47F1-9F60-4FFA275090AD", "versionEndExcluding": "5.20.2", "versionStartIncluding": "5.20.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:bender:icc16xx:-:*:*:*:*:*:*:*", "matchCriteriaId": "B96EF215-8AD0-4076-8CBA-E6FA8F21A38E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Bender/ebee Charge Controllers in multiple versions a long URL could lead to webserver crash. The URL is used as input of an sprintf to a stack variable." }, { "lang": "es", "value": "En los Controladores de Carga Bender/ebee en m\u00faltiples versiones, una URL larga podr\u00eda conllevar a un bloqueo del servidor web. 
La URL es usada como entrada de un sprintf a una variable de pila" } ], "id": "CVE-2021-34587", "lastModified": "2024-11-21T06:10:45.670", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "info@cert.vde.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-04-27T16:15:10.617", "references": [ { "source": "info@cert.vde.com", "tags": [ "Third Party Advisory" ], "url": "https://cert.vde.com/en/advisories/VDE-2021-047" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://cert.vde.com/en/advisories/VDE-2021-047" } ], 
"sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-121" } ], "source": "info@cert.vde.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2021-34592 (GCVE-0-2021-34592)
Vulnerability from cvelistv5
Published
2022-04-27 15:15
Modified
2024-09-16 22:20
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Summary
Bender/ebee Charge Controllers in multiple versions are prone to command injection via the web interface. An authenticated attacker could enter shell commands into some input fields.
References
URL | Tags
---|---
https://cert.vde.com/en/advisories/VDE-2021-047 | x_refsource_CONFIRM
Impacted products
Vendor | Product | Version
---|---|---
Bender / ebee | CC612 | 5.11.x < 5.11.2; 5.12.x < 5.12.5; 5.13.x < 5.13.2; 5.20.x < 5.20.2

Only the first product row is rendered here; the record below also lists CC613, ICC15xx and ICC16xx with the same affected version ranges.
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:19:46.971Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert.vde.com/en/advisories/VDE-2021-047" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "CC612", "vendor": "Bender / ebee", "versions": [ { "lessThan": "5.11.2", "status": "affected", "version": "5.11.x", "versionType": "custom" }, { "lessThan": "5.12.5", "status": "affected", "version": "5.12.x", "versionType": "custom" }, { "lessThan": "5.13.2", "status": "affected", "version": "5.13.x", "versionType": "custom" }, { "lessThan": "5.20.2", "status": "affected", "version": "5.20.x", "versionType": "custom" } ] }, { "product": "CC613", "vendor": "Bender / ebee", "versions": [ { "lessThan": "5.11.2", "status": "affected", "version": "5.11.x", "versionType": "custom" }, { "lessThan": "5.12.5", "status": "affected", "version": "5.12.x", "versionType": "custom" }, { "lessThan": "5.13.2", "status": "affected", "version": "5.13.x", "versionType": "custom" }, { "lessThan": "5.20.2", "status": "affected", "version": "5.20.x", "versionType": "custom" } ] }, { "product": "ICC15xx", "vendor": "Bender / ebee", "versions": [ { "lessThan": "5.11.2", "status": "affected", "version": "5.11.x", "versionType": "custom" }, { "lessThan": "5.12.5", "status": "affected", "version": "5.12.x", "versionType": "custom" }, { "lessThan": "5.13.2", "status": "affected", "version": "5.13.x", "versionType": "custom" }, { "lessThan": "5.20.2", "status": "affected", "version": "5.20.x", "versionType": "custom" } ] }, { "product": "ICC16xx", "vendor": "Bender / ebee", "versions": [ { "lessThan": "5.11.2", "status": "affected", "version": "5.11.x", "versionType": "custom" }, { "lessThan": "5.12.5", "status": "affected", "version": "5.12.x", "versionType": "custom" }, { "lessThan": "5.13.2", "status": "affected", "version": 
"5.13.x", "versionType": "custom" }, { "lessThan": "5.20.2", "status": "affected", "version": "5.20.x", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE." } ], "datePublic": "2022-04-27T00:00:00", "descriptions": [ { "lang": "en", "value": "In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-27T15:15:31", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert.vde.com/en/advisories/VDE-2021-047" } ], "source": { "advisory": "VDE-2021-047", "defect": [ "CERT@VDE#64088" ], "discovery": "EXTERNAL" }, "title": "Bender Charge Controller: Command injection via Web interface", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "info@cert.vde.com", "DATE_PUBLIC": "2022-04-27T10:00:00.000Z", "ID": "CVE-2021-34592", "STATE": "PUBLIC", "TITLE": "Bender Charge Controller: Command injection via Web interface" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": 
"CC612", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "5.11.x", "version_value": "5.11.2" }, { "version_affected": "\u003c", "version_name": "5.12.x", "version_value": "5.12.5" }, { "version_affected": "\u003c", "version_name": "5.13.x", "version_value": "5.13.2" }, { "version_affected": "\u003c", "version_name": "5.20.x", "version_value": "5.20.2" } ] } }, { "product_name": "CC613", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "5.11.x", "version_value": "5.11.2" }, { "version_affected": "\u003c", "version_name": "5.12.x", "version_value": "5.12.5" }, { "version_affected": "\u003c", "version_name": "5.13.x", "version_value": "5.13.2" }, { "version_affected": "\u003c", "version_name": "5.20.x", "version_value": "5.20.2" } ] } }, { "product_name": "ICC15xx", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "5.11.x", "version_value": "5.11.2" }, { "version_affected": "\u003c", "version_name": "5.12.x", "version_value": "5.12.5" }, { "version_affected": "\u003c", "version_name": "5.13.x", "version_value": "5.13.2" }, { "version_affected": "\u003c", "version_name": "5.20.x", "version_value": "5.20.2" } ] } }, { "product_name": "ICC16xx", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "5.11.x", "version_value": "5.11.2" }, { "version_affected": "\u003c", "version_name": "5.12.x", "version_value": "5.12.5" }, { "version_affected": "\u003c", "version_name": "5.13.x", "version_value": "5.13.2" }, { "version_affected": "\u003c", "version_name": "5.20.x", "version_value": "5.20.2" } ] } } ] }, "vendor_name": "Bender / ebee" } ] } }, "credit": [ { "lang": "eng", "value": "Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE." 
} ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert.vde.com/en/advisories/VDE-2021-047", "refsource": "CONFIRM", "url": "https://cert.vde.com/en/advisories/VDE-2021-047" } ] }, "source": { "advisory": "VDE-2021-047", "defect": [ "CERT@VDE#64088" ], "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2021-34592", "datePublished": "2022-04-27T15:15:31.464112Z", "dateReserved": "2021-06-10T00:00:00", "dateUpdated": "2024-09-16T22:20:44.822Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-34589 (GCVE-0-2021-34589)
Vulnerability from cvelistv5
Published
2022-04-27 15:15
Modified
2024-09-16 21:08
CWE
- CWE-200 - Information Exposure
Summary
Bender/ebee Charge Controllers in multiple versions are prone to an RFID leak. The RFID of the last charge event can be read without authentication via the web interface.
References
URL | Tags
---|---
https://cert.vde.com/en/advisories/VDE-2021-047 | x_refsource_CONFIRM
Impacted products
Vendor | Product | Version
---|---|---
Bender / ebee | CC612 | 5.11.x < 5.11.2; 5.12.x < 5.12.5; 5.13.x < 5.13.2; 5.20.x < 5.20.2

Only the first product row is rendered here; the record below also lists CC613, ICC15xx and ICC16xx with the same affected version ranges.
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:19:46.936Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert.vde.com/en/advisories/VDE-2021-047" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "CC612", "vendor": "Bender / ebee", "versions": [ { "lessThan": "5.11.2", "status": "affected", "version": "5.11.x", "versionType": "custom" }, { "lessThan": "5.12.5", "status": "affected", "version": "5.12.x", "versionType": "custom" }, { "lessThan": "5.13.2", "status": "affected", "version": "5.13.x", "versionType": "custom" }, { "lessThan": "5.20.2", "status": "affected", "version": "5.20.x", "versionType": "custom" } ] }, { "product": "CC613", "vendor": "Bender / ebee", "versions": [ { "lessThan": "5.11.2", "status": "affected", "version": "5.11.x", "versionType": "custom" }, { "lessThan": "5.12.5", "status": "affected", "version": "5.12.x", "versionType": "custom" }, { "lessThan": "5.13.2", "status": "affected", "version": "5.13.x", "versionType": "custom" }, { "lessThan": "5.20.2", "status": "affected", "version": "5.20.x", "versionType": "custom" } ] }, { "product": "ICC15xx", "vendor": "Bender / ebee", "versions": [ { "lessThan": "5.11.2", "status": "affected", "version": "5.11.x", "versionType": "custom" }, { "lessThan": "5.12.5", "status": "affected", "version": "5.12.x", "versionType": "custom" }, { "lessThan": "5.13.2", "status": "affected", "version": "5.13.x", "versionType": "custom" }, { "lessThan": "5.20.2", "status": "affected", "version": "5.20.x", "versionType": "custom" } ] }, { "product": "ICC16xx", "vendor": "Bender / ebee", "versions": [ { "lessThan": "5.11.2", "status": "affected", "version": "5.11.x", "versionType": "custom" }, { "lessThan": "5.12.5", "status": "affected", "version": "5.12.x", "versionType": "custom" }, { "lessThan": "5.13.2", "status": "affected", "version": 
"5.13.x", "versionType": "custom" }, { "lessThan": "5.20.2", "status": "affected", "version": "5.20.x", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE." } ], "datePublic": "2022-04-27T00:00:00", "descriptions": [ { "lang": "en", "value": "In Bender/ebee Charge Controllers in multiple versions are prone to an RFID leak. The RFID of the last charge event can be read without authentication via the web interface." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200 Information Exposure", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-27T15:15:27", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert.vde.com/en/advisories/VDE-2021-047" } ], "source": { "advisory": "VDE-2021-047", "defect": [ "CERT@VDE#64088" ], "discovery": "EXTERNAL" }, "title": "Bender Charge Controller: RFID leak", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "info@cert.vde.com", "DATE_PUBLIC": "2022-04-27T10:00:00.000Z", "ID": "CVE-2021-34589", "STATE": "PUBLIC", "TITLE": "Bender Charge Controller: RFID leak" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "CC612", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "5.11.x", "version_value": "5.11.2" }, { 
"version_affected": "\u003c", "version_name": "5.12.x", "version_value": "5.12.5" }, { "version_affected": "\u003c", "version_name": "5.13.x", "version_value": "5.13.2" }, { "version_affected": "\u003c", "version_name": "5.20.x", "version_value": "5.20.2" } ] } }, { "product_name": "CC613", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "5.11.x", "version_value": "5.11.2" }, { "version_affected": "\u003c", "version_name": "5.12.x", "version_value": "5.12.5" }, { "version_affected": "\u003c", "version_name": "5.13.x", "version_value": "5.13.2" }, { "version_affected": "\u003c", "version_name": "5.20.x", "version_value": "5.20.2" } ] } }, { "product_name": "ICC15xx", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "5.11.x", "version_value": "5.11.2" }, { "version_affected": "\u003c", "version_name": "5.12.x", "version_value": "5.12.5" }, { "version_affected": "\u003c", "version_name": "5.13.x", "version_value": "5.13.2" }, { "version_affected": "\u003c", "version_name": "5.20.x", "version_value": "5.20.2" } ] } }, { "product_name": "ICC16xx", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "5.11.x", "version_value": "5.11.2" }, { "version_affected": "\u003c", "version_name": "5.12.x", "version_value": "5.12.5" }, { "version_affected": "\u003c", "version_name": "5.13.x", "version_value": "5.13.2" }, { "version_affected": "\u003c", "version_name": "5.20.x", "version_value": "5.20.2" } ] } } ] }, "vendor_name": "Bender / ebee" } ] } }, "credit": [ { "lang": "eng", "value": "Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Bender/ebee Charge Controllers in multiple versions are prone to an RFID leak. 
The RFID of the last charge event can be read without authentication via the web interface." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-200 Information Exposure" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert.vde.com/en/advisories/VDE-2021-047", "refsource": "CONFIRM", "url": "https://cert.vde.com/en/advisories/VDE-2021-047" } ] }, "source": { "advisory": "VDE-2021-047", "defect": [ "CERT@VDE#64088" ], "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2021-34589", "datePublished": "2022-04-27T15:15:27.151287Z", "dateReserved": "2021-06-10T00:00:00", "dateUpdated": "2024-09-16T21:08:59.841Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-34601 (GCVE-0-2021-34601)
Vulnerability from cvelistv5
Published
2022-04-27 15:15
Modified
2024-09-16 19:47
CWE
- CWE-259 - Use of Hard-coded Password
Summary
Bender/ebee Charge Controllers in multiple versions are prone to hardcoded credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded SSH credentials. An attacker may use the password to gain administrative access to the web UI.
References
URL | Tags
---|---
https://cert.vde.com/en/advisories/VDE-2021-047 | x_refsource_CONFIRM
Impacted products
Vendor | Product | Version
---|---|---
Bender / ebee | CC612 | 5.11.x < 5.11.2; 5.12.x < 5.12.5; 5.13.x < 5.13.2; 5.20.x < 5.20.2

Only the first product row is rendered here; the record below also lists CC613, ICC15xx and ICC16xx with the same affected version ranges.
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:19:47.864Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert.vde.com/en/advisories/VDE-2021-047" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "CC612", "vendor": "Bender / ebee", "versions": [ { "lessThan": "5.11.2", "status": "affected", "version": "5.11.x", "versionType": "custom" }, { "lessThan": "5.12.5", "status": "affected", "version": "5.12.x", "versionType": "custom" }, { "lessThan": "5.13.2", "status": "affected", "version": "5.13.x", "versionType": "custom" }, { "lessThan": "5.20.2", "status": "affected", "version": "5.20.x", "versionType": "custom" } ] }, { "product": "CC613", "vendor": "Bender / ebee", "versions": [ { "lessThan": "5.11.2", "status": "affected", "version": "5.11.x", "versionType": "custom" }, { "lessThan": "5.12.5", "status": "affected", "version": "5.12.x", "versionType": "custom" }, { "lessThan": "5.13.2", "status": "affected", "version": "5.13.x", "versionType": "custom" }, { "lessThan": "5.20.2", "status": "affected", "version": "5.20.x", "versionType": "custom" } ] }, { "product": "ICC15xx", "vendor": "Bender / ebee", "versions": [ { "lessThan": "5.11.2", "status": "affected", "version": "5.11.x", "versionType": "custom" }, { "lessThan": "5.12.5", "status": "affected", "version": "5.12.x", "versionType": "custom" }, { "lessThan": "5.13.2", "status": "affected", "version": "5.13.x", "versionType": "custom" }, { "lessThan": "5.20.2", "status": "affected", "version": "5.20.x", "versionType": "custom" } ] }, { "product": "ICC16xx", "vendor": "Bender / ebee", "versions": [ { "lessThan": "5.11.2", "status": "affected", "version": "5.11.x", "versionType": "custom" }, { "lessThan": "5.12.5", "status": "affected", "version": "5.12.x", "versionType": "custom" }, { "lessThan": "5.13.2", "status": "affected", "version": 
"5.13.x", "versionType": "custom" }, { "lessThan": "5.20.2", "status": "affected", "version": "5.20.x", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Bender thanks Qianxin StarV Security Lab, China. The issue was coordinated by CERT@VDE." } ], "datePublic": "2022-04-27T00:00:00", "descriptions": [ { "lang": "en", "value": "In Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded ssh credentials. An attacker may use the password to gain administrative access to the web-UI." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-259", "description": "CWE-259 Use of Hard-coded Password", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-27T15:15:33", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert.vde.com/en/advisories/VDE-2021-047" } ], "source": { "advisory": "VDE-2021-047", "defect": [ "CERT@VDE#64026" ], "discovery": "EXTERNAL" }, "title": "Bender Charge Controller: Hardcoded Credentials in Charge Controller", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "info@cert.vde.com", "DATE_PUBLIC": "2022-04-27T10:00:00.000Z", "ID": "CVE-2021-34601", "STATE": "PUBLIC", "TITLE": "Bender Charge Controller: Hardcoded Credentials in Charge Controller" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "CC612", "version": { 
"version_data": [ { "version_affected": "\u003c", "version_name": "5.11.x", "version_value": "5.11.2" }, { "version_affected": "\u003c", "version_name": "5.12.x", "version_value": "5.12.5" }, { "version_affected": "\u003c", "version_name": "5.13.x", "version_value": "5.13.2" }, { "version_affected": "\u003c", "version_name": "5.20.x", "version_value": "5.20.2" } ] } }, { "product_name": "CC613", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "5.11.x", "version_value": "5.11.2" }, { "version_affected": "\u003c", "version_name": "5.12.x", "version_value": "5.12.5" }, { "version_affected": "\u003c", "version_name": "5.13.x", "version_value": "5.13.2" }, { "version_affected": "\u003c", "version_name": "5.20.x", "version_value": "5.20.2" } ] } }, { "product_name": "ICC15xx", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "5.11.x", "version_value": "5.11.2" }, { "version_affected": "\u003c", "version_name": "5.12.x", "version_value": "5.12.5" }, { "version_affected": "\u003c", "version_name": "5.13.x", "version_value": "5.13.2" }, { "version_affected": "\u003c", "version_name": "5.20.x", "version_value": "5.20.2" } ] } }, { "product_name": "ICC16xx", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "5.11.x", "version_value": "5.11.2" }, { "version_affected": "\u003c", "version_name": "5.12.x", "version_value": "5.12.5" }, { "version_affected": "\u003c", "version_name": "5.13.x", "version_value": "5.13.2" }, { "version_affected": "\u003c", "version_name": "5.20.x", "version_value": "5.20.2" } ] } } ] }, "vendor_name": "Bender / ebee" } ] } }, "credit": [ { "lang": "eng", "value": "Bender thanks Qianxin StarV Security Lab, China. The issue was coordinated by CERT@VDE." 
} ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded ssh credentials. An attacker may use the password to gain administrative access to the web-UI." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-259 Use of Hard-coded Password" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert.vde.com/en/advisories/VDE-2021-047", "refsource": "CONFIRM", "url": "https://cert.vde.com/en/advisories/VDE-2021-047" } ] }, "source": { "advisory": "VDE-2021-047", "defect": [ "CERT@VDE#64026" ], "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2021-34601", "datePublished": "2022-04-27T15:15:33.375616Z", "dateReserved": "2021-06-10T00:00:00", "dateUpdated": "2024-09-16T19:47:12.796Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-34591 (GCVE-0-2021-34591)
Vulnerability from cvelistv5
Published
2022-04-27 15:15
Modified
2024-09-16 20:36
CWE
- CWE-250 - Execution with Unnecessary Privileges
Summary
Bender/ebee Charge Controllers in multiple versions are prone to local privilege escalation. An authenticated attacker could get root access via the suid applications socat, ip udhcpc and ifplugd.
References
URL | Tags
---|---
https://cert.vde.com/en/advisories/VDE-2021-047 | x_refsource_CONFIRM
Impacted products
Vendor | Product | Version
---|---|---
Bender / ebee | CC612 | 5.11.x < 5.11.2; 5.12.x < 5.12.5; 5.13.x < 5.13.2; 5.20.x < 5.20.2

Only the first product row is rendered here; the record below also lists CC613, ICC15xx and ICC16xx with the same affected version ranges.
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:19:46.960Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert.vde.com/en/advisories/VDE-2021-047" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "CC612", "vendor": "Bender / ebee", "versions": [ { "lessThan": "5.11.2", "status": "affected", "version": "5.11.x", "versionType": "custom" }, { "lessThan": "5.12.5", "status": "affected", "version": "5.12.x", "versionType": "custom" }, { "lessThan": "5.13.2", "status": "affected", "version": "5.13.x", "versionType": "custom" }, { "lessThan": "5.20.2", "status": "affected", "version": "5.20.x", "versionType": "custom" } ] }, { "product": "CC613", "vendor": "Bender / ebee", "versions": [ { "lessThan": "5.11.2", "status": "affected", "version": "5.11.x", "versionType": "custom" }, { "lessThan": "5.12.5", "status": "affected", "version": "5.12.x", "versionType": "custom" }, { "lessThan": "5.13.2", "status": "affected", "version": "5.13.x", "versionType": "custom" }, { "lessThan": "5.20.2", "status": "affected", "version": "5.20.x", "versionType": "custom" } ] }, { "product": "ICC15xx", "vendor": "Bender / ebee", "versions": [ { "lessThan": "5.11.2", "status": "affected", "version": "5.11.x", "versionType": "custom" }, { "lessThan": "5.12.5", "status": "affected", "version": "5.12.x", "versionType": "custom" }, { "lessThan": "5.13.2", "status": "affected", "version": "5.13.x", "versionType": "custom" }, { "lessThan": "5.20.2", "status": "affected", "version": "5.20.x", "versionType": "custom" } ] }, { "product": "ICC16xx", "vendor": "Bender / ebee", "versions": [ { "lessThan": "5.11.2", "status": "affected", "version": "5.11.x", "versionType": "custom" }, { "lessThan": "5.12.5", "status": "affected", "version": "5.12.x", "versionType": "custom" }, { "lessThan": "5.13.2", "status": "affected", "version": 
"5.13.x", "versionType": "custom" }, { "lessThan": "5.20.2", "status": "affected", "version": "5.20.x", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE." } ], "datePublic": "2022-04-27T00:00:00", "descriptions": [ { "lang": "en", "value": "In Bender/ebee Charge Controllers in multiple versions are prone to Local privilege Escalation. An authenticated attacker could get root access via the suid applications socat, ip udhcpc and ifplugd." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-250", "description": "CWE-250 Execution with Unnecessary Privileges", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-27T15:15:29", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert.vde.com/en/advisories/VDE-2021-047" } ], "source": { "advisory": "VDE-2021-047", "defect": [ "CERT@VDE#64088" ], "discovery": "EXTERNAL" }, "title": "Bender Charge Controller: Local privilege Escalation", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "info@cert.vde.com", "DATE_PUBLIC": "2022-04-27T10:00:00.000Z", "ID": "CVE-2021-34591", "STATE": "PUBLIC", "TITLE": "Bender Charge Controller: Local privilege Escalation" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "CC612", "version": { "version_data": [ { "version_affected": 
"\u003c", "version_name": "5.11.x", "version_value": "5.11.2" }, { "version_affected": "\u003c", "version_name": "5.12.x", "version_value": "5.12.5" }, { "version_affected": "\u003c", "version_name": "5.13.x", "version_value": "5.13.2" }, { "version_affected": "\u003c", "version_name": "5.20.x", "version_value": "5.20.2" } ] } }, { "product_name": "CC613", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "5.11.x", "version_value": "5.11.2" }, { "version_affected": "\u003c", "version_name": "5.12.x", "version_value": "5.12.5" }, { "version_affected": "\u003c", "version_name": "5.13.x", "version_value": "5.13.2" }, { "version_affected": "\u003c", "version_name": "5.20.x", "version_value": "5.20.2" } ] } }, { "product_name": "ICC15xx", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "5.11.x", "version_value": "5.11.2" }, { "version_affected": "\u003c", "version_name": "5.12.x", "version_value": "5.12.5" }, { "version_affected": "\u003c", "version_name": "5.13.x", "version_value": "5.13.2" }, { "version_affected": "\u003c", "version_name": "5.20.x", "version_value": "5.20.2" } ] } }, { "product_name": "ICC16xx", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "5.11.x", "version_value": "5.11.2" }, { "version_affected": "\u003c", "version_name": "5.12.x", "version_value": "5.12.5" }, { "version_affected": "\u003c", "version_name": "5.13.x", "version_value": "5.13.2" }, { "version_affected": "\u003c", "version_name": "5.20.x", "version_value": "5.20.2" } ] } } ] }, "vendor_name": "Bender / ebee" } ] } }, "credit": [ { "lang": "eng", "value": "Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE." 
} ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Bender/ebee Charge Controllers in multiple versions are prone to Local privilege Escalation. An authenticated attacker could get root access via the suid applications socat, ip udhcpc and ifplugd." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-250 Execution with Unnecessary Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert.vde.com/en/advisories/VDE-2021-047", "refsource": "CONFIRM", "url": "https://cert.vde.com/en/advisories/VDE-2021-047" } ] }, "source": { "advisory": "VDE-2021-047", "defect": [ "CERT@VDE#64088" ], "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2021-34591", "datePublished": "2022-04-27T15:15:30.014135Z", "dateReserved": "2021-06-10T00:00:00", "dateUpdated": "2024-09-16T20:36:53.897Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-34587 (GCVE-0-2021-34587)
Vulnerability from cvelistv5
Published
2022-04-27 15:15
Modified
2024-09-17 02:58
Severity
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE
- CWE-121 - Stack-based Buffer Overflow
Summary
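In multiple versions of Bender/ebee Charge Controllers, a long URL could lead to a webserver crash. The URL is used as input to an sprintf call that writes to a stack variable. Because sprintf performs no bounds check, an over-long URL overflows that stack buffer.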
References
URL | Tags |
---|---|
https://cert.vde.com/en/advisories/VDE-2021-047 | x_refsource_CONFIRM |
Impacted products
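Vendor | Product | Version |
---|---|---|
Bender / ebee | CC612 | 5.11.x < 5.11.2; 5.12.x < 5.12.5; 5.13.x < 5.13.2; 5.20.x < 5.20.2 |
Bender / ebee | CC613 | 5.11.x < 5.11.2; 5.12.x < 5.12.5; 5.13.x < 5.13.2; 5.20.x < 5.20.2 |
Bender / ebee | ICC15xx | 5.11.x < 5.11.2; 5.12.x < 5.12.5; 5.13.x < 5.13.2; 5.20.x < 5.20.2 |
Bender / ebee | ICC16xx | 5.11.x < 5.11.2; 5.12.x < 5.12.5; 5.13.x < 5.13.2; 5.20.x < 5.20.2 |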
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:19:46.977Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert.vde.com/en/advisories/VDE-2021-047" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "CC612", "vendor": "Bender / ebee", "versions": [ { "lessThan": "5.11.2", "status": "affected", "version": "5.11.x", "versionType": "custom" }, { "lessThan": "5.12.5", "status": "affected", "version": "5.12.x", "versionType": "custom" }, { "lessThan": "5.13.2", "status": "affected", "version": "5.13.x", "versionType": "custom" }, { "lessThan": "5.20.2", "status": "affected", "version": "5.20.x", "versionType": "custom" } ] }, { "product": "CC613", "vendor": "Bender / ebee", "versions": [ { "lessThan": "5.11.2", "status": "affected", "version": "5.11.x", "versionType": "custom" }, { "lessThan": "5.12.5", "status": "affected", "version": "5.12.x", "versionType": "custom" }, { "lessThan": "5.13.2", "status": "affected", "version": "5.13.x", "versionType": "custom" }, { "lessThan": "5.20.2", "status": "affected", "version": "5.20.x", "versionType": "custom" } ] }, { "product": "ICC15xx", "vendor": "Bender / ebee", "versions": [ { "lessThan": "5.11.2", "status": "affected", "version": "5.11.x", "versionType": "custom" }, { "lessThan": "5.12.5", "status": "affected", "version": "5.12.x", "versionType": "custom" }, { "lessThan": "5.13.2", "status": "affected", "version": "5.13.x", "versionType": "custom" }, { "lessThan": "5.20.2", "status": "affected", "version": "5.20.x", "versionType": "custom" } ] }, { "product": "ICC16xx", "vendor": "Bender / ebee", "versions": [ { "lessThan": "5.11.2", "status": "affected", "version": "5.11.x", "versionType": "custom" }, { "lessThan": "5.12.5", "status": "affected", "version": "5.12.x", "versionType": "custom" }, { "lessThan": "5.13.2", "status": "affected", "version": 
"5.13.x", "versionType": "custom" }, { "lessThan": "5.20.2", "status": "affected", "version": "5.20.x", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE." } ], "datePublic": "2022-04-27T00:00:00", "descriptions": [ { "lang": "en", "value": "In Bender/ebee Charge Controllers in multiple versions a long URL could lead to webserver crash. The URL is used as input of an sprintf to a stack variable." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-27T15:15:23", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert.vde.com/en/advisories/VDE-2021-047" } ], "source": { "advisory": "VDE-2021-047", "defect": [ "CERT@VDE#64088" ], "discovery": "EXTERNAL" }, "title": "Bender Charge Controller: Long URL could lead to webserver crash", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "info@cert.vde.com", "DATE_PUBLIC": "2022-04-27T10:00:00.000Z", "ID": "CVE-2021-34587", "STATE": "PUBLIC", "TITLE": "Bender Charge Controller: Long URL could lead to webserver crash" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "CC612", "version": { "version_data": [ { "version_affected": "\u003c", 
"version_name": "5.11.x", "version_value": "5.11.2" }, { "version_affected": "\u003c", "version_name": "5.12.x", "version_value": "5.12.5" }, { "version_affected": "\u003c", "version_name": "5.13.x", "version_value": "5.13.2" }, { "version_affected": "\u003c", "version_name": "5.20.x", "version_value": "5.20.2" } ] } }, { "product_name": "CC613", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "5.11.x", "version_value": "5.11.2" }, { "version_affected": "\u003c", "version_name": "5.12.x", "version_value": "5.12.5" }, { "version_affected": "\u003c", "version_name": "5.13.x", "version_value": "5.13.2" }, { "version_affected": "\u003c", "version_name": "5.20.x", "version_value": "5.20.2" } ] } }, { "product_name": "ICC15xx", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "5.11.x", "version_value": "5.11.2" }, { "version_affected": "\u003c", "version_name": "5.12.x", "version_value": "5.12.5" }, { "version_affected": "\u003c", "version_name": "5.13.x", "version_value": "5.13.2" }, { "version_affected": "\u003c", "version_name": "5.20.x", "version_value": "5.20.2" } ] } }, { "product_name": "ICC16xx", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "5.11.x", "version_value": "5.11.2" }, { "version_affected": "\u003c", "version_name": "5.12.x", "version_value": "5.12.5" }, { "version_affected": "\u003c", "version_name": "5.13.x", "version_value": "5.13.2" }, { "version_affected": "\u003c", "version_name": "5.20.x", "version_value": "5.20.2" } ] } } ] }, "vendor_name": "Bender / ebee" } ] } }, "credit": [ { "lang": "eng", "value": "Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE." 
} ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Bender/ebee Charge Controllers in multiple versions a long URL could lead to webserver crash. The URL is used as input of an sprintf to a stack variable." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-121 Stack-based Buffer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert.vde.com/en/advisories/VDE-2021-047", "refsource": "CONFIRM", "url": "https://cert.vde.com/en/advisories/VDE-2021-047" } ] }, "source": { "advisory": "VDE-2021-047", "defect": [ "CERT@VDE#64088" ], "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2021-34587", "datePublished": "2022-04-27T15:15:24.084444Z", "dateReserved": "2021-06-10T00:00:00", "dateUpdated": "2024-09-17T02:58:12.456Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-34588 (GCVE-0-2021-34588)
Vulnerability from cvelistv5
Published
2022-04-27 15:15
Modified
2024-09-16 21:07
Severity
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
CWE
- CWE-425 - Direct Request (Forced Browsing)
Summary
Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login and is empty after a reboot, so after a reboot, until a user logs in, the backup export is not protected.
References
URL | Tags |
---|---|
https://cert.vde.com/en/advisories/VDE-2021-047 | x_refsource_CONFIRM |
Impacted products
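Vendor | Product | Version |
---|---|---|
Bender / ebee | CC612 | 5.11.x < 5.11.2; 5.12.x < 5.12.5; 5.13.x < 5.13.2; 5.20.x < 5.20.2 |
Bender / ebee | CC613 | 5.11.x < 5.11.2; 5.12.x < 5.12.5; 5.13.x < 5.13.2; 5.20.x < 5.20.2 |
Bender / ebee | ICC15xx | 5.11.x < 5.11.2; 5.12.x < 5.12.5; 5.13.x < 5.13.2; 5.20.x < 5.20.2 |
Bender / ebee | ICC16xx | 5.11.x < 5.11.2; 5.12.x < 5.12.5; 5.13.x < 5.13.2; 5.20.x < 5.20.2 |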
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:19:46.981Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert.vde.com/en/advisories/VDE-2021-047" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "CC612", "vendor": "Bender / ebee", "versions": [ { "lessThan": "5.11.2", "status": "affected", "version": "5.11.x", "versionType": "custom" }, { "lessThan": "5.12.5", "status": "affected", "version": "5.12.x", "versionType": "custom" }, { "lessThan": "5.13.2", "status": "affected", "version": "5.13.x", "versionType": "custom" }, { "lessThan": "5.20.2", "status": "affected", "version": "5.20.x", "versionType": "custom" } ] }, { "product": "CC613", "vendor": "Bender / ebee", "versions": [ { "lessThan": "5.11.2", "status": "affected", "version": "5.11.x", "versionType": "custom" }, { "lessThan": "5.12.5", "status": "affected", "version": "5.12.x", "versionType": "custom" }, { "lessThan": "5.13.2", "status": "affected", "version": "5.13.x", "versionType": "custom" }, { "lessThan": "5.20.2", "status": "affected", "version": "5.20.x", "versionType": "custom" } ] }, { "product": "ICC15xx", "vendor": "Bender / ebee", "versions": [ { "lessThan": "5.11.2", "status": "affected", "version": "5.11.x", "versionType": "custom" }, { "lessThan": "5.12.5", "status": "affected", "version": "5.12.x", "versionType": "custom" }, { "lessThan": "5.13.2", "status": "affected", "version": "5.13.x", "versionType": "custom" }, { "lessThan": "5.20.2", "status": "affected", "version": "5.20.x", "versionType": "custom" } ] }, { "product": "ICC16xx", "vendor": "Bender / ebee", "versions": [ { "lessThan": "5.11.2", "status": "affected", "version": "5.11.x", "versionType": "custom" }, { "lessThan": "5.12.5", "status": "affected", "version": "5.12.x", "versionType": "custom" }, { "lessThan": "5.13.2", "status": "affected", "version": 
"5.13.x", "versionType": "custom" }, { "lessThan": "5.20.2", "status": "affected", "version": "5.20.x", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE." } ], "datePublic": "2022-04-27T00:00:00", "descriptions": [ { "lang": "en", "value": "In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot ." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-425", "description": "CWE-425 Direct Request (Forced Browsing)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-27T15:15:25", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert.vde.com/en/advisories/VDE-2021-047" } ], "source": { "advisory": "VDE-2021-047", "defect": [ "CERT@VDE#64088" ], "discovery": "EXTERNAL" }, "title": "Bender Charge Controller: Unprotected data export", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "info@cert.vde.com", "DATE_PUBLIC": "2022-04-27T10:00:00.000Z", "ID": "CVE-2021-34588", "STATE": "PUBLIC", "TITLE": "Bender Charge Controller: Unprotected data export" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "CC612", "version": { "version_data": [ { "version_affected": "\u003c", 
"version_name": "5.11.x", "version_value": "5.11.2" }, { "version_affected": "\u003c", "version_name": "5.12.x", "version_value": "5.12.5" }, { "version_affected": "\u003c", "version_name": "5.13.x", "version_value": "5.13.2" }, { "version_affected": "\u003c", "version_name": "5.20.x", "version_value": "5.20.2" } ] } }, { "product_name": "CC613", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "5.11.x", "version_value": "5.11.2" }, { "version_affected": "\u003c", "version_name": "5.12.x", "version_value": "5.12.5" }, { "version_affected": "\u003c", "version_name": "5.13.x", "version_value": "5.13.2" }, { "version_affected": "\u003c", "version_name": "5.20.x", "version_value": "5.20.2" } ] } }, { "product_name": "ICC15xx", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "5.11.x", "version_value": "5.11.2" }, { "version_affected": "\u003c", "version_name": "5.12.x", "version_value": "5.12.5" }, { "version_affected": "\u003c", "version_name": "5.13.x", "version_value": "5.13.2" }, { "version_affected": "\u003c", "version_name": "5.20.x", "version_value": "5.20.2" } ] } }, { "product_name": "ICC16xx", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "5.11.x", "version_value": "5.11.2" }, { "version_affected": "\u003c", "version_name": "5.12.x", "version_value": "5.12.5" }, { "version_affected": "\u003c", "version_name": "5.13.x", "version_value": "5.13.2" }, { "version_affected": "\u003c", "version_name": "5.20.x", "version_value": "5.20.2" } ] } } ] }, "vendor_name": "Bender / ebee" } ] } }, "credit": [ { "lang": "eng", "value": "Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE." 
} ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot ." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-425 Direct Request (Forced Browsing)" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert.vde.com/en/advisories/VDE-2021-047", "refsource": "CONFIRM", "url": "https://cert.vde.com/en/advisories/VDE-2021-047" } ] }, "source": { "advisory": "VDE-2021-047", "defect": [ "CERT@VDE#64088" ], "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2021-34588", "datePublished": "2022-04-27T15:15:25.652629Z", "dateReserved": "2021-06-10T00:00:00", "dateUpdated": "2024-09-16T21:07:21.537Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-34602 (GCVE-0-2021-34602)
Vulnerability from cvelistv5
Published
2022-04-27 15:15
Modified
2024-09-17 01:46
Severity
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
- CWE-78 - OS Command Injection
Summary
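Bender/ebee Charge Controllers in multiple versions are prone to command injection via the web interface. An authenticated attacker could enter shell commands into some input fields that are executed with root privileges. Note: the "title" field of the record below reads "Bender Charge Controller: Long URL could lead to webserver crash", the same title as CVE-2021-34587; it does not match this description or the CWE-78 classification, so match this entry on the CVE ID, description and CWE rather than on the title.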
References
URL | Tags |
---|---|
https://cert.vde.com/en/advisories/VDE-2021-047 | x_refsource_CONFIRM |
Impacted products
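Vendor | Product | Version |
---|---|---|
Bender / ebee | CC612 | 5.11.x < 5.11.2; 5.12.x < 5.12.5; 5.13.x < 5.13.2; 5.20.x < 5.20.2 |
Bender / ebee | CC613 | 5.11.x < 5.11.2; 5.12.x < 5.12.5; 5.13.x < 5.13.2; 5.20.x < 5.20.2 |
Bender / ebee | ICC15xx | 5.11.x < 5.11.2; 5.12.x < 5.12.5; 5.13.x < 5.13.2; 5.20.x < 5.20.2 |
Bender / ebee | ICC16xx | 5.11.x < 5.11.2; 5.12.x < 5.12.5; 5.13.x < 5.13.2; 5.20.x < 5.20.2 |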
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:19:47.278Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert.vde.com/en/advisories/VDE-2021-047" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "CC612", "vendor": "Bender / ebee", "versions": [ { "lessThan": "5.11.2", "status": "affected", "version": "5.11.x", "versionType": "custom" }, { "lessThan": "5.12.5", "status": "affected", "version": "5.12.x", "versionType": "custom" }, { "lessThan": "5.13.2", "status": "affected", "version": "5.13.x", "versionType": "custom" }, { "lessThan": "5.20.2", "status": "affected", "version": "5.20.x", "versionType": "custom" } ] }, { "product": "CC613", "vendor": "Bender / ebee", "versions": [ { "lessThan": "5.11.2", "status": "affected", "version": "5.11.x", "versionType": "custom" }, { "lessThan": "5.12.5", "status": "affected", "version": "5.12.x", "versionType": "custom" }, { "lessThan": "5.13.2", "status": "affected", "version": "5.13.x", "versionType": "custom" }, { "lessThan": "5.20.2", "status": "affected", "version": "5.20.x", "versionType": "custom" } ] }, { "product": "ICC15xx", "vendor": "Bender / ebee", "versions": [ { "lessThan": "5.11.2", "status": "affected", "version": "5.11.x", "versionType": "custom" }, { "lessThan": "5.12.5", "status": "affected", "version": "5.12.x", "versionType": "custom" }, { "lessThan": "5.13.2", "status": "affected", "version": "5.13.x", "versionType": "custom" }, { "lessThan": "5.20.2", "status": "affected", "version": "5.20.x", "versionType": "custom" } ] }, { "product": "ICC16xx", "vendor": "Bender / ebee", "versions": [ { "lessThan": "5.11.2", "status": "affected", "version": "5.11.x", "versionType": "custom" }, { "lessThan": "5.12.5", "status": "affected", "version": "5.12.x", "versionType": "custom" }, { "lessThan": "5.13.2", "status": "affected", "version": 
"5.13.x", "versionType": "custom" }, { "lessThan": "5.20.2", "status": "affected", "version": "5.20.x", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Bender thanks Qianxin StarV Security Lab, China. The issue was coordinated by CERT@VDE." } ], "datePublic": "2022-04-27T00:00:00", "descriptions": [ { "lang": "en", "value": "In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields that are executed with root privileges." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "CWE-78 OS Command Injection", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-27T15:15:34", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert.vde.com/en/advisories/VDE-2021-047" } ], "source": { "advisory": "VDE-2021-047", "defect": [ "CERT@VDE#64027" ], "discovery": "EXTERNAL" }, "title": "Bender Charge Controller: Long URL could lead to webserver crash", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "info@cert.vde.com", "DATE_PUBLIC": "2022-04-27T10:00:00.000Z", "ID": "CVE-2021-34602", "STATE": "PUBLIC", "TITLE": "Bender Charge Controller: Long URL could lead to webserver crash" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "CC612", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": 
"5.11.x", "version_value": "5.11.2" }, { "version_affected": "\u003c", "version_name": "5.12.x", "version_value": "5.12.5" }, { "version_affected": "\u003c", "version_name": "5.13.x", "version_value": "5.13.2" }, { "version_affected": "\u003c", "version_name": "5.20.x", "version_value": "5.20.2" } ] } }, { "product_name": "CC613", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "5.11.x", "version_value": "5.11.2" }, { "version_affected": "\u003c", "version_name": "5.12.x", "version_value": "5.12.5" }, { "version_affected": "\u003c", "version_name": "5.13.x", "version_value": "5.13.2" }, { "version_affected": "\u003c", "version_name": "5.20.x", "version_value": "5.20.2" } ] } }, { "product_name": "ICC15xx", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "5.11.x", "version_value": "5.11.2" }, { "version_affected": "\u003c", "version_name": "5.12.x", "version_value": "5.12.5" }, { "version_affected": "\u003c", "version_name": "5.13.x", "version_value": "5.13.2" }, { "version_affected": "\u003c", "version_name": "5.20.x", "version_value": "5.20.2" } ] } }, { "product_name": "ICC16xx", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "5.11.x", "version_value": "5.11.2" }, { "version_affected": "\u003c", "version_name": "5.12.x", "version_value": "5.12.5" }, { "version_affected": "\u003c", "version_name": "5.13.x", "version_value": "5.13.2" }, { "version_affected": "\u003c", "version_name": "5.20.x", "version_value": "5.20.2" } ] } } ] }, "vendor_name": "Bender / ebee" } ] } }, "credit": [ { "lang": "eng", "value": "Bender thanks Qianxin StarV Security Lab, China. The issue was coordinated by CERT@VDE." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. 
An authenticated attacker could enter shell commands into some input fields that are executed with root privileges." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-78 OS Command Injection" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert.vde.com/en/advisories/VDE-2021-047", "refsource": "CONFIRM", "url": "https://cert.vde.com/en/advisories/VDE-2021-047" } ] }, "source": { "advisory": "VDE-2021-047", "defect": [ "CERT@VDE#64027" ], "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2021-34602", "datePublished": "2022-04-27T15:15:34.774811Z", "dateReserved": "2021-06-10T00:00:00", "dateUpdated": "2024-09-17T01:46:57.289Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-34590 (GCVE-0-2021-34590)
Vulnerability from cvelistv5
Published
2022-04-27 15:15
Modified
2024-09-16 22:01
Severity
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CWE
- CWE-79 - Cross-site Scripting (XSS)
Summary
Bender/ebee Charge Controllers in multiple versions are prone to Cross-site Scripting. An authenticated attacker could write HTML code into configuration values. These values are not properly escaped when displayed.
References
URL | Tags |
---|---|
https://cert.vde.com/en/advisories/VDE-2021-047 | x_refsource_CONFIRM |
Impacted products
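Vendor | Product | Version |
---|---|---|
Bender / ebee | CC612 | 5.11.x < 5.11.2; 5.12.x < 5.12.5; 5.13.x < 5.13.2; 5.20.x < 5.20.2 |
Bender / ebee | CC613 | 5.11.x < 5.11.2; 5.12.x < 5.12.5; 5.13.x < 5.13.2; 5.20.x < 5.20.2 |
Bender / ebee | ICC15xx | 5.11.x < 5.11.2; 5.12.x < 5.12.5; 5.13.x < 5.13.2; 5.20.x < 5.20.2 |
Bender / ebee | ICC16xx | 5.11.x < 5.11.2; 5.12.x < 5.12.5; 5.13.x < 5.13.2; 5.20.x < 5.20.2 |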
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:19:46.929Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert.vde.com/en/advisories/VDE-2021-047" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "CC612", "vendor": "Bender / ebee", "versions": [ { "lessThan": "5.11.2", "status": "affected", "version": "5.11.x", "versionType": "custom" }, { "lessThan": "5.12.5", "status": "affected", "version": "5.12.x", "versionType": "custom" }, { "lessThan": "5.13.2", "status": "affected", "version": "5.13.x", "versionType": "custom" }, { "lessThan": "5.20.2", "status": "affected", "version": "5.20.x", "versionType": "custom" } ] }, { "product": "CC613", "vendor": "Bender / ebee", "versions": [ { "lessThan": "5.11.2", "status": "affected", "version": "5.11.x", "versionType": "custom" }, { "lessThan": "5.12.5", "status": "affected", "version": "5.12.x", "versionType": "custom" }, { "lessThan": "5.13.2", "status": "affected", "version": "5.13.x", "versionType": "custom" }, { "lessThan": "5.20.2", "status": "affected", "version": "5.20.x", "versionType": "custom" } ] }, { "product": "ICC15xx", "vendor": "Bender / ebee", "versions": [ { "lessThan": "5.11.2", "status": "affected", "version": "5.11.x", "versionType": "custom" }, { "lessThan": "5.12.5", "status": "affected", "version": "5.12.x", "versionType": "custom" }, { "lessThan": "5.13.2", "status": "affected", "version": "5.13.x", "versionType": "custom" }, { "lessThan": "5.20.2", "status": "affected", "version": "5.20.x", "versionType": "custom" } ] }, { "product": "ICC16xx", "vendor": "Bender / ebee", "versions": [ { "lessThan": "5.11.2", "status": "affected", "version": "5.11.x", "versionType": "custom" }, { "lessThan": "5.12.5", "status": "affected", "version": "5.12.x", "versionType": "custom" }, { "lessThan": "5.13.2", "status": "affected", "version": 
"5.13.x", "versionType": "custom" }, { "lessThan": "5.20.2", "status": "affected", "version": "5.20.x", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE." } ], "datePublic": "2022-04-27T00:00:00", "descriptions": [ { "lang": "en", "value": "Bender/ebee Charge Controllers in multiple versions are prone to Cross-site Scripting. An authenticated attacker could write HTML code into configuration values. These values are not properly escaped when displayed." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Cross-site Scripting (XSS)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-27T15:15:28", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert.vde.com/en/advisories/VDE-2021-047" } ], "source": { "advisory": "VDE-2021-047", "defect": [ "CERT@VDE#64088" ], "discovery": "EXTERNAL" }, "title": "Bender Charge Controller: Cross-site Scripting", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "info@cert.vde.com", "DATE_PUBLIC": "2022-04-27T10:00:00.000Z", "ID": "CVE-2021-34590", "STATE": "PUBLIC", "TITLE": "Bender Charge Controller: Cross-site Scripting" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "CC612", "version": { "version_data": [ { "version_affected": 
"\u003c", "version_name": "5.11.x", "version_value": "5.11.2" }, { "version_affected": "\u003c", "version_name": "5.12.x", "version_value": "5.12.5" }, { "version_affected": "\u003c", "version_name": "5.13.x", "version_value": "5.13.2" }, { "version_affected": "\u003c", "version_name": "5.20.x", "version_value": "5.20.2" } ] } }, { "product_name": "CC613", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "5.11.x", "version_value": "5.11.2" }, { "version_affected": "\u003c", "version_name": "5.12.x", "version_value": "5.12.5" }, { "version_affected": "\u003c", "version_name": "5.13.x", "version_value": "5.13.2" }, { "version_affected": "\u003c", "version_name": "5.20.x", "version_value": "5.20.2" } ] } }, { "product_name": "ICC15xx", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "5.11.x", "version_value": "5.11.2" }, { "version_affected": "\u003c", "version_name": "5.12.x", "version_value": "5.12.5" }, { "version_affected": "\u003c", "version_name": "5.13.x", "version_value": "5.13.2" }, { "version_affected": "\u003c", "version_name": "5.20.x", "version_value": "5.20.2" } ] } }, { "product_name": "ICC16xx", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "5.11.x", "version_value": "5.11.2" }, { "version_affected": "\u003c", "version_name": "5.12.x", "version_value": "5.12.5" }, { "version_affected": "\u003c", "version_name": "5.13.x", "version_value": "5.13.2" }, { "version_affected": "\u003c", "version_name": "5.20.x", "version_value": "5.20.2" } ] } } ] }, "vendor_name": "Bender / ebee" } ] } }, "credit": [ { "lang": "eng", "value": "Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE." 
} ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Bender/ebee Charge Controllers in multiple versions are prone to Cross-site Scripting. An authenticated attacker could write HTML code into configuration values. These values are not properly escaped when displayed." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Cross-site Scripting (XSS)" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert.vde.com/en/advisories/VDE-2021-047", "refsource": "CONFIRM", "url": "https://cert.vde.com/en/advisories/VDE-2021-047" } ] }, "source": { "advisory": "VDE-2021-047", "defect": [ "CERT@VDE#64088" ], "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2021-34590", "datePublished": "2022-04-27T15:15:28.655810Z", "dateReserved": "2021-06-10T00:00:00", "dateUpdated": "2024-09-16T22:01:39.627Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }