CVE-2021-34588 (GCVE-0-2021-34588)
Vulnerability from cvelistv5
Published
2022-04-27 15:15
Modified
2024-09-16 21:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-425 - Direct Request (Forced Browsing)
Summary
In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot .
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Bender / ebee | CC612 |
Version: 5.11.x < 5.11.2 Version: 5.12.x < 5.12.5 Version: 5.13.x < 5.13.2 Version: 5.20.x < 5.20.2 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:46.981Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-047"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CC612",
"vendor": "Bender / ebee",
"versions": [
{
"lessThan": "5.11.2",
"status": "affected",
"version": "5.11.x",
"versionType": "custom"
},
{
"lessThan": "5.12.5",
"status": "affected",
"version": "5.12.x",
"versionType": "custom"
},
{
"lessThan": "5.13.2",
"status": "affected",
"version": "5.13.x",
"versionType": "custom"
},
{
"lessThan": "5.20.2",
"status": "affected",
"version": "5.20.x",
"versionType": "custom"
}
]
},
{
"product": "CC613",
"vendor": "Bender / ebee",
"versions": [
{
"lessThan": "5.11.2",
"status": "affected",
"version": "5.11.x",
"versionType": "custom"
},
{
"lessThan": "5.12.5",
"status": "affected",
"version": "5.12.x",
"versionType": "custom"
},
{
"lessThan": "5.13.2",
"status": "affected",
"version": "5.13.x",
"versionType": "custom"
},
{
"lessThan": "5.20.2",
"status": "affected",
"version": "5.20.x",
"versionType": "custom"
}
]
},
{
"product": "ICC15xx",
"vendor": "Bender / ebee",
"versions": [
{
"lessThan": "5.11.2",
"status": "affected",
"version": "5.11.x",
"versionType": "custom"
},
{
"lessThan": "5.12.5",
"status": "affected",
"version": "5.12.x",
"versionType": "custom"
},
{
"lessThan": "5.13.2",
"status": "affected",
"version": "5.13.x",
"versionType": "custom"
},
{
"lessThan": "5.20.2",
"status": "affected",
"version": "5.20.x",
"versionType": "custom"
}
]
},
{
"product": "ICC16xx",
"vendor": "Bender / ebee",
"versions": [
{
"lessThan": "5.11.2",
"status": "affected",
"version": "5.11.x",
"versionType": "custom"
},
{
"lessThan": "5.12.5",
"status": "affected",
"version": "5.12.x",
"versionType": "custom"
},
{
"lessThan": "5.13.2",
"status": "affected",
"version": "5.13.x",
"versionType": "custom"
},
{
"lessThan": "5.20.2",
"status": "affected",
"version": "5.20.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE."
}
],
"datePublic": "2022-04-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot ."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-425",
"description": "CWE-425 Direct Request (Forced Browsing)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-27T15:15:25",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-047"
}
],
"source": {
"advisory": "VDE-2021-047",
"defect": [
"CERT@VDE#64088"
],
"discovery": "EXTERNAL"
},
"title": "Bender Charge Controller: Unprotected data export",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-04-27T10:00:00.000Z",
"ID": "CVE-2021-34588",
"STATE": "PUBLIC",
"TITLE": "Bender Charge Controller: Unprotected data export"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CC612",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "\u003c",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "\u003c",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "\u003c",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "CC613",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "\u003c",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "\u003c",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "\u003c",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "ICC15xx",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "\u003c",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "\u003c",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "\u003c",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "ICC16xx",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "\u003c",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "\u003c",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "\u003c",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
}
]
},
"vendor_name": "Bender / ebee"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot ."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-425 Direct Request (Forced Browsing)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en/advisories/VDE-2021-047",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2021-047"
}
]
},
"source": {
"advisory": "VDE-2021-047",
"defect": [
"CERT@VDE#64088"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-34588",
"datePublished": "2022-04-27T15:15:25.652629Z",
"dateReserved": "2021-06-10T00:00:00",
"dateUpdated": "2024-09-16T21:07:21.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2021-34588\",\"sourceIdentifier\":\"info@cert.vde.com\",\"published\":\"2022-04-27T16:15:10.870\",\"lastModified\":\"2024-11-21T06:10:45.817\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot .\"},{\"lang\":\"es\",\"value\":\"En los Controladores de Carga Bender/ebee en m\u00faltiples versiones son propensos a una exportaci\u00f3n de datos sin protecci\u00f3n. La exportaci\u00f3n de copias de seguridad est\u00e1 protegida por medio de una clave aleatoria. La clave es establecida en el inicio de sesi\u00f3n del usuario. Est\u00e1 vac\u00eda despu\u00e9s de reiniciar\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":8.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":4.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":8.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":4.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-425\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11.0\",\"versionEndExcluding\":\"5.11.2\",\"matchCriteriaId\":\"81AED2C8-71EE-4BFC-949C-D63F998CD1ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.12.0\",\"versionEndExcluding\":\"5.12.5\",\"matchCriteriaId\":\"609125CC-4748-4507-8CF2-1752FF89B203\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.13.0\",\"versionEndExcluding\":\"5.13.2\",\"matchCriteriaId\":\"C6FEC2C0-7F12-434A-9070-9A0F19379D25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.20.0\",\"versionEndExcluding\":\"5.20.2\",\"matchCriteriaId\":\"E80EBD0C-D852-4EF7-B0EA-89124683939C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:bender:cc612:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B48F3A5-C59D-40B6-ADBB-76FA536C78FE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11.0\",\"versionEndExcluding\":\"5.11.2\",\"matchCriteriaId\":\"4B078039-C644-42DE-8122-300415D69854\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.12.0\",\"versionEndExcluding\":\"5.12.5\",\"matchCriteriaId\":\"D687057F-58C9-4463-BEF2-BE4CA428F9AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.13.0\",\"versionEndExcluding\":\"5.13.2\",\"matchCriteriaId\":\"88D208BE-6401-489E-BBE7-1ABBEB14CF52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.20.0\",\"versionEndExcluding\":\"5.20.2\",\"matchCriteriaId\":\"0B36AF92-1F52-45AA-BAAF-0D94EB0B2FF2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:bender:cc613:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FEFDDEB-23FB-474C-9A91-EDA35837D34B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11.0\",\"versionEndExcluding\":\"5.11.2\",\"matchCriteriaId\":\"4B078039-C644-42DE-8122-300415D69854\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.12.0\",\"versionEndExcluding\":\"5.12.5\",\"matchCriteriaId\":\"D687057F-58C9-4463-BEF2-BE4CA428F9AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.13.0\",\"versionEndExcluding\":\"5.13.2\",\"matchCriteriaId\":\"88D208BE-6401-489E-BBE7-1ABBEB14CF52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.20.0\",\"versionEndExcluding\":\"5.20.2\",\"matchCriteriaId\":\"0B36AF92-1F52-45AA-BAAF-0D94EB0B2FF2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:bender:cc613:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FEFDDEB-23FB-474C-9A91-EDA35837D34B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11.0\",\"versionEndExcluding\":\"5.11.2\",\"matchCriteriaId\":\"4B078039-C644-42DE-8122-300415D69854\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.12.0\",\"versionEndExcluding\":\"5.12.5\",\"matchCriteriaId\":\"D687057F-58C9-4463-BEF2-BE4CA428F9AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.13.0\",\"versionEndExcluding\":\"5.13.2\",\"matchCriteriaId\":\"88D208BE-6401-489E-BBE7-1ABBEB14CF52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.20.0\",\"versionEndExcluding\":\"5.20.2\",\"matchCriteriaId\":\"0B36AF92-1F52-45AA-BAAF-0D94EB0B2FF2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:bender:cc613:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FEFDDEB-23FB-474C-9A91-EDA35837D34B\"}]}]}],\"references\":[{\"url\":\"https://cert.vde.com/en/advisories/VDE-2021-047\",\"source\":\"info@cert.vde.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert.vde.com/en/advisories/VDE-2021-047\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…