CVE-2021-34601

EPSS 0.41%
Veröffentlicht 27.04.2022 16:15:11
Zuletzt bearbeitet 21.11.2024 06:10:47
Quelle info@cert.vde.com
CVE-Watchlists
Login
Unerledigt
Login

In Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded ssh credentials. An attacker may use the password to gain administrative access to the web-UI.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Bender ≫ Cc612 Firmware Version >= 5.11.0 < 5.11.2

Bender ≫ Cc612 Version-

Bender ≫ Cc612 Firmware Version >= 5.12.0 < 5.12.5

Bender ≫ Cc612 Version-

Bender ≫ Cc612 Firmware Version >= 5.13.0 < 5.13.2

Bender ≫ Cc612 Version-

Bender ≫ Cc612 Firmware Version >= 5.20.0 < 5.20.2

Bender ≫ Cc612 Version-

Bender ≫ Icc15xx Firmware Version >= 5.11.0 < 5.11.2

Bender ≫ Cc613 Version-

Bender ≫ Icc15xx Firmware Version >= 5.12.0 < 5.12.5

Bender ≫ Cc613 Version-

Bender ≫ Icc15xx Firmware Version >= 5.13.0 < 5.13.2

Bender ≫ Cc613 Version-

Bender ≫ Icc15xx Firmware Version >= 5.20.0 < 5.20.2

Bender ≫ Cc613 Version-

Bender ≫ Icc15xx Firmware Version >= 5.11.0 < 5.11.2

Bender ≫ Cc613 Version-

Bender ≫ Icc15xx Firmware Version >= 5.12.0 < 5.12.5

Bender ≫ Cc613 Version-

Bender ≫ Icc15xx Firmware Version >= 5.13.0 < 5.13.2

Bender ≫ Cc613 Version-

Bender ≫ Icc15xx Firmware Version >= 5.20.0 < 5.20.2

Bender ≫ Cc613 Version-

Bender ≫ Icc15xx Firmware Version >= 5.11.0 < 5.11.2

Bender ≫ Cc613 Version-

Bender ≫ Icc15xx Firmware Version >= 5.12.0 < 5.12.5

Bender ≫ Cc613 Version-

Bender ≫ Icc15xx Firmware Version >= 5.13.0 < 5.13.2

Bender ≫ Cc613 Version-

Bender ≫ Icc15xx Firmware Version >= 5.20.0 < 5.20.2

Bender ≫ Cc613 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.41%	0.603

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
info@cert.vde.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-259 Use of Hard-coded Password

The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://cert.vde.com/en/advisories/VDE-2021-047

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-34601

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-34601

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-34601

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-34601