7.8
CVE-2021-34591
- EPSS 0.22%
- Veröffentlicht 27.04.2022 16:15:11
- Zuletzt bearbeitet 21.11.2024 06:10:46
- Quelle info@cert.vde.com
- CVE-Watchlists
- Unerledigt
LoginBender Charge Controller: Local privilege Escalation
In Bender/ebee Charge Controllers in multiple versions are prone to Local privilege Escalation. An authenticated attacker could get root access via the suid applications socat, ip udhcpc and ifplugd.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Bender ≫ Cc612 Firmware Version >= 5.11.0 < 5.11.2
Bender ≫ Cc612 Firmware Version >= 5.12.0 < 5.12.5
Bender ≫ Cc612 Firmware Version >= 5.13.0 < 5.13.2
Bender ≫ Cc612 Firmware Version >= 5.20.0 < 5.20.2
Bender ≫ Icc15xx Firmware Version >= 5.11.0 < 5.11.2
Bender ≫ Icc15xx Firmware Version >= 5.12.0 < 5.12.5
Bender ≫ Icc15xx Firmware Version >= 5.13.0 < 5.13.2
Bender ≫ Icc15xx Firmware Version >= 5.20.0 < 5.20.2
Bender ≫ Icc15xx Firmware Version >= 5.11.0 < 5.11.2
Bender ≫ Icc15xx Firmware Version >= 5.12.0 < 5.12.5
Bender ≫ Icc15xx Firmware Version >= 5.13.0 < 5.13.2
Bender ≫ Icc15xx Firmware Version >= 5.20.0 < 5.20.2
Bender ≫ Icc15xx Firmware Version >= 5.11.0 < 5.11.2
Bender ≫ Icc15xx Firmware Version >= 5.12.0 < 5.12.5
Bender ≫ Icc15xx Firmware Version >= 5.13.0 < 5.13.2
Bender ≫ Icc15xx Firmware Version >= 5.20.0 < 5.20.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.22% | 0.126 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
| info@cert.vde.com | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-250 Execution with Unnecessary Privileges
The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
https://cert.vde.com/en/advisories/VDE-2021-047