CVE-2021-34601

Published Apr 27, 2022

Last updated 3 years ago

CVSS critical 9.8

Overview

Description: In Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded ssh credentials. An attacker may use the password to gain administrative access to the web-UI.
Source: info@cert.vde.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-798
info@cert.vde.com: CWE-259

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "81AED2C8-71EE-4BFC-949C-D63F998CD1ED",
            "versionEndExcluding": "5.11.2",
            "versionStartIncluding": "5.11.0"
          },
          {
            "criteria": "cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "609125CC-4748-4507-8CF2-1752FF89B203",
            "versionEndExcluding": "5.12.5",
            "versionStartIncluding": "5.12.0"
          },
          {
            "criteria": "cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C6FEC2C0-7F12-434A-9070-9A0F19379D25",
            "versionEndExcluding": "5.13.2",
            "versionStartIncluding": "5.13.0"
          },
          {
            "criteria": "cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E80EBD0C-D852-4EF7-B0EA-89124683939C",
            "versionEndExcluding": "5.20.2",
            "versionStartIncluding": "5.20.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:bender:cc612:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9B48F3A5-C59D-40B6-ADBB-76FA536C78FE"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4B078039-C644-42DE-8122-300415D69854",
            "versionEndExcluding": "5.11.2",
            "versionStartIncluding": "5.11.0"
          },
          {
            "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D687057F-58C9-4463-BEF2-BE4CA428F9AD",
            "versionEndExcluding": "5.12.5",
            "versionStartIncluding": "5.12.0"
          },
          {
            "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "88D208BE-6401-489E-BBE7-1ABBEB14CF52",
            "versionEndExcluding": "5.13.2",
            "versionStartIncluding": "5.13.0"
          },
          {
            "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B36AF92-1F52-45AA-BAAF-0D94EB0B2FF2",
            "versionEndExcluding": "5.20.2",
            "versionStartIncluding": "5.20.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:bender:cc613:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2FEFDDEB-23FB-474C-9A91-EDA35837D34B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4B078039-C644-42DE-8122-300415D69854",
            "versionEndExcluding": "5.11.2",
            "versionStartIncluding": "5.11.0"
          },
          {
            "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D687057F-58C9-4463-BEF2-BE4CA428F9AD",
            "versionEndExcluding": "5.12.5",
            "versionStartIncluding": "5.12.0"
          },
          {
            "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "88D208BE-6401-489E-BBE7-1ABBEB14CF52",
            "versionEndExcluding": "5.13.2",
            "versionStartIncluding": "5.13.0"
          },
          {
            "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B36AF92-1F52-45AA-BAAF-0D94EB0B2FF2",
            "versionEndExcluding": "5.20.2",
            "versionStartIncluding": "5.20.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:bender:cc613:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2FEFDDEB-23FB-474C-9A91-EDA35837D34B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4B078039-C644-42DE-8122-300415D69854",
            "versionEndExcluding": "5.11.2",
            "versionStartIncluding": "5.11.0"
          },
          {
            "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D687057F-58C9-4463-BEF2-BE4CA428F9AD",
            "versionEndExcluding": "5.12.5",
            "versionStartIncluding": "5.12.0"
          },
          {
            "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "88D208BE-6401-489E-BBE7-1ABBEB14CF52",
            "versionEndExcluding": "5.13.2",
            "versionStartIncluding": "5.13.0"
          },
          {
            "criteria": "cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B36AF92-1F52-45AA-BAAF-0D94EB0B2FF2",
            "versionEndExcluding": "5.20.2",
            "versionStartIncluding": "5.20.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:bender:cc613:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2FEFDDEB-23FB-474C-9A91-EDA35837D34B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References