fkie_cve-2021-34601
Vulnerability from fkie_nvd
Published
2022-04-27 16:15
Modified
2024-11-21 06:10
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
In Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded ssh credentials. An attacker may use the password to gain administrative access to the web-UI.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| info@cert.vde.com | https://cert.vde.com/en/advisories/VDE-2021-047 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en/advisories/VDE-2021-047 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bender | cc612_firmware | * | |
| bender | cc612_firmware | * | |
| bender | cc612_firmware | * | |
| bender | cc612_firmware | * | |
| bender | cc612 | - | |
| bender | icc15xx_firmware | * | |
| bender | icc15xx_firmware | * | |
| bender | icc15xx_firmware | * | |
| bender | icc15xx_firmware | * | |
| bender | cc613 | - | |
| bender | icc15xx_firmware | * | |
| bender | icc15xx_firmware | * | |
| bender | icc15xx_firmware | * | |
| bender | icc15xx_firmware | * | |
| bender | cc613 | - | |
| bender | icc15xx_firmware | * | |
| bender | icc15xx_firmware | * | |
| bender | icc15xx_firmware | * | |
| bender | icc15xx_firmware | * | |
| bender | cc613 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81AED2C8-71EE-4BFC-949C-D63F998CD1ED",
"versionEndExcluding": "5.11.2",
"versionStartIncluding": "5.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "609125CC-4748-4507-8CF2-1752FF89B203",
"versionEndExcluding": "5.12.5",
"versionStartIncluding": "5.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6FEC2C0-7F12-434A-9070-9A0F19379D25",
"versionEndExcluding": "5.13.2",
"versionStartIncluding": "5.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E80EBD0C-D852-4EF7-B0EA-89124683939C",
"versionEndExcluding": "5.20.2",
"versionStartIncluding": "5.20.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bender:cc612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9B48F3A5-C59D-40B6-ADBB-76FA536C78FE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B078039-C644-42DE-8122-300415D69854",
"versionEndExcluding": "5.11.2",
"versionStartIncluding": "5.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D687057F-58C9-4463-BEF2-BE4CA428F9AD",
"versionEndExcluding": "5.12.5",
"versionStartIncluding": "5.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88D208BE-6401-489E-BBE7-1ABBEB14CF52",
"versionEndExcluding": "5.13.2",
"versionStartIncluding": "5.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B36AF92-1F52-45AA-BAAF-0D94EB0B2FF2",
"versionEndExcluding": "5.20.2",
"versionStartIncluding": "5.20.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bender:cc613:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FEFDDEB-23FB-474C-9A91-EDA35837D34B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B078039-C644-42DE-8122-300415D69854",
"versionEndExcluding": "5.11.2",
"versionStartIncluding": "5.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D687057F-58C9-4463-BEF2-BE4CA428F9AD",
"versionEndExcluding": "5.12.5",
"versionStartIncluding": "5.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88D208BE-6401-489E-BBE7-1ABBEB14CF52",
"versionEndExcluding": "5.13.2",
"versionStartIncluding": "5.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B36AF92-1F52-45AA-BAAF-0D94EB0B2FF2",
"versionEndExcluding": "5.20.2",
"versionStartIncluding": "5.20.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bender:cc613:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FEFDDEB-23FB-474C-9A91-EDA35837D34B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B078039-C644-42DE-8122-300415D69854",
"versionEndExcluding": "5.11.2",
"versionStartIncluding": "5.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D687057F-58C9-4463-BEF2-BE4CA428F9AD",
"versionEndExcluding": "5.12.5",
"versionStartIncluding": "5.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88D208BE-6401-489E-BBE7-1ABBEB14CF52",
"versionEndExcluding": "5.13.2",
"versionStartIncluding": "5.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B36AF92-1F52-45AA-BAAF-0D94EB0B2FF2",
"versionEndExcluding": "5.20.2",
"versionStartIncluding": "5.20.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bender:cc613:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FEFDDEB-23FB-474C-9A91-EDA35837D34B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded ssh credentials. An attacker may use the password to gain administrative access to the web-UI."
},
{
"lang": "es",
"value": "En los controladores de carga Bender/ebee en m\u00faltiples versiones son propensos a Credenciales Embebidas. El controlador de carga CC612 de Bender en la versi\u00f3n 5.20.1 e inferior es propenso a credenciales ssh embebidas. Un atacante puede usar la contrase\u00f1a para conseguir acceso administrativo a la web-UI"
}
],
"id": "CVE-2021-34601",
"lastModified": "2024-11-21T06:10:47.640",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-27T16:15:11.207",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-047"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-047"
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-259"
}
],
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…