Search criteria

8 vulnerabilities by Bender / ebee

CVE-2021-34602 (GCVE-0-2021-34602)

Vulnerability from cvelistv5 – Published: 2022-04-27 15:15 – Updated: 2024-09-17 01:46
VLAI?
Title
Bender Charge Controller: Long URL could lead to webserver crash
Summary
In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields that are executed with root privileges.
Severity ?
8.8 (High)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-78 - OS Command Injection
Assigner
References
Impacted products
Vendor Product Version
Bender / ebee CC612 Affected: 5.11.x , < 5.11.2 (custom)
Affected: 5.12.x , < 5.12.5 (custom)
Affected: 5.13.x , < 5.13.2 (custom)
Affected: 5.20.x , < 5.20.2 (custom)
Create a notification for this product.
    Bender / ebee CC613 Affected: 5.11.x , < 5.11.2 (custom)
Affected: 5.12.x , < 5.12.5 (custom)
Affected: 5.13.x , < 5.13.2 (custom)
Affected: 5.20.x , < 5.20.2 (custom)
Create a notification for this product.
    Bender / ebee ICC15xx Affected: 5.11.x , < 5.11.2 (custom)
Affected: 5.12.x , < 5.12.5 (custom)
Affected: 5.13.x , < 5.13.2 (custom)
Affected: 5.20.x , < 5.20.2 (custom)
Create a notification for this product.
    Bender / ebee ICC16xx Affected: 5.11.x , < 5.11.2 (custom)
Affected: 5.12.x , < 5.12.5 (custom)
Affected: 5.13.x , < 5.13.2 (custom)
Affected: 5.20.x , < 5.20.2 (custom)
Create a notification for this product.
Credits
Bender thanks Qianxin StarV Security Lab, China. The issue was coordinated by CERT@VDE.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:19:47.278Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en/advisories/VDE-2021-047"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CC612",
          "vendor": "Bender / ebee",
          "versions": [
            {
              "lessThan": "5.11.2",
              "status": "affected",
              "version": "5.11.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.12.5",
              "status": "affected",
              "version": "5.12.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.13.2",
              "status": "affected",
              "version": "5.13.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.20.2",
              "status": "affected",
              "version": "5.20.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "CC613",
          "vendor": "Bender / ebee",
          "versions": [
            {
              "lessThan": "5.11.2",
              "status": "affected",
              "version": "5.11.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.12.5",
              "status": "affected",
              "version": "5.12.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.13.2",
              "status": "affected",
              "version": "5.13.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.20.2",
              "status": "affected",
              "version": "5.20.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "ICC15xx",
          "vendor": "Bender / ebee",
          "versions": [
            {
              "lessThan": "5.11.2",
              "status": "affected",
              "version": "5.11.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.12.5",
              "status": "affected",
              "version": "5.12.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.13.2",
              "status": "affected",
              "version": "5.13.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.20.2",
              "status": "affected",
              "version": "5.20.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "ICC16xx",
          "vendor": "Bender / ebee",
          "versions": [
            {
              "lessThan": "5.11.2",
              "status": "affected",
              "version": "5.11.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.12.5",
              "status": "affected",
              "version": "5.12.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.13.2",
              "status": "affected",
              "version": "5.13.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.20.2",
              "status": "affected",
              "version": "5.20.x",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Bender thanks Qianxin StarV Security Lab, China. The issue was coordinated by CERT@VDE."
        }
      ],
      "datePublic": "2022-04-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields that are executed with root privileges."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 OS Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-27T15:15:34",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en/advisories/VDE-2021-047"
        }
      ],
      "source": {
        "advisory": "VDE-2021-047",
        "defect": [
          "CERT@VDE#64027"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Bender Charge Controller: Long URL could lead to webserver crash",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "info@cert.vde.com",
          "DATE_PUBLIC": "2022-04-27T10:00:00.000Z",
          "ID": "CVE-2021-34602",
          "STATE": "PUBLIC",
          "TITLE": "Bender Charge Controller: Long URL could lead to webserver crash"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "CC612",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.11.x",
                            "version_value": "5.11.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.12.x",
                            "version_value": "5.12.5"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.13.x",
                            "version_value": "5.13.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.20.x",
                            "version_value": "5.20.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "CC613",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.11.x",
                            "version_value": "5.11.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.12.x",
                            "version_value": "5.12.5"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.13.x",
                            "version_value": "5.13.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.20.x",
                            "version_value": "5.20.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "ICC15xx",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.11.x",
                            "version_value": "5.11.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.12.x",
                            "version_value": "5.12.5"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.13.x",
                            "version_value": "5.13.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.20.x",
                            "version_value": "5.20.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "ICC16xx",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.11.x",
                            "version_value": "5.11.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.12.x",
                            "version_value": "5.12.5"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.13.x",
                            "version_value": "5.13.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.20.x",
                            "version_value": "5.20.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Bender / ebee"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Bender thanks Qianxin StarV Security Lab, China. The issue was coordinated by CERT@VDE."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields that are executed with root privileges."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-78 OS Command Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert.vde.com/en/advisories/VDE-2021-047",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en/advisories/VDE-2021-047"
            }
          ]
        },
        "source": {
          "advisory": "VDE-2021-047",
          "defect": [
            "CERT@VDE#64027"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2021-34602",
    "datePublished": "2022-04-27T15:15:34.774811Z",
    "dateReserved": "2021-06-10T00:00:00",
    "dateUpdated": "2024-09-17T01:46:57.289Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-34601 (GCVE-0-2021-34601)

Vulnerability from cvelistv5 – Published: 2022-04-27 15:15 – Updated: 2024-09-16 19:47
VLAI?
Title
Bender Charge Controller: Hardcoded Credentials in Charge Controller
Summary
In Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded ssh credentials. An attacker may use the password to gain administrative access to the web-UI.
Severity ?
9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-259 - Use of Hard-coded Password
Assigner
References
Impacted products
Vendor Product Version
Bender / ebee CC612 Affected: 5.11.x , < 5.11.2 (custom)
Affected: 5.12.x , < 5.12.5 (custom)
Affected: 5.13.x , < 5.13.2 (custom)
Affected: 5.20.x , < 5.20.2 (custom)
Create a notification for this product.
    Bender / ebee CC613 Affected: 5.11.x , < 5.11.2 (custom)
Affected: 5.12.x , < 5.12.5 (custom)
Affected: 5.13.x , < 5.13.2 (custom)
Affected: 5.20.x , < 5.20.2 (custom)
Create a notification for this product.
    Bender / ebee ICC15xx Affected: 5.11.x , < 5.11.2 (custom)
Affected: 5.12.x , < 5.12.5 (custom)
Affected: 5.13.x , < 5.13.2 (custom)
Affected: 5.20.x , < 5.20.2 (custom)
Create a notification for this product.
    Bender / ebee ICC16xx Affected: 5.11.x , < 5.11.2 (custom)
Affected: 5.12.x , < 5.12.5 (custom)
Affected: 5.13.x , < 5.13.2 (custom)
Affected: 5.20.x , < 5.20.2 (custom)
Create a notification for this product.
Credits
Bender thanks Qianxin StarV Security Lab, China. The issue was coordinated by CERT@VDE.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:19:47.864Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en/advisories/VDE-2021-047"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CC612",
          "vendor": "Bender / ebee",
          "versions": [
            {
              "lessThan": "5.11.2",
              "status": "affected",
              "version": "5.11.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.12.5",
              "status": "affected",
              "version": "5.12.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.13.2",
              "status": "affected",
              "version": "5.13.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.20.2",
              "status": "affected",
              "version": "5.20.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "CC613",
          "vendor": "Bender / ebee",
          "versions": [
            {
              "lessThan": "5.11.2",
              "status": "affected",
              "version": "5.11.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.12.5",
              "status": "affected",
              "version": "5.12.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.13.2",
              "status": "affected",
              "version": "5.13.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.20.2",
              "status": "affected",
              "version": "5.20.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "ICC15xx",
          "vendor": "Bender / ebee",
          "versions": [
            {
              "lessThan": "5.11.2",
              "status": "affected",
              "version": "5.11.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.12.5",
              "status": "affected",
              "version": "5.12.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.13.2",
              "status": "affected",
              "version": "5.13.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.20.2",
              "status": "affected",
              "version": "5.20.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "ICC16xx",
          "vendor": "Bender / ebee",
          "versions": [
            {
              "lessThan": "5.11.2",
              "status": "affected",
              "version": "5.11.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.12.5",
              "status": "affected",
              "version": "5.12.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.13.2",
              "status": "affected",
              "version": "5.13.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.20.2",
              "status": "affected",
              "version": "5.20.x",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Bender thanks Qianxin StarV Security Lab, China. The issue was coordinated by CERT@VDE."
        }
      ],
      "datePublic": "2022-04-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded ssh credentials. An attacker may use the password to gain administrative access to the web-UI."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-259",
              "description": "CWE-259 Use of Hard-coded Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-27T15:15:33",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en/advisories/VDE-2021-047"
        }
      ],
      "source": {
        "advisory": "VDE-2021-047",
        "defect": [
          "CERT@VDE#64026"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Bender Charge Controller: Hardcoded Credentials in Charge Controller",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "info@cert.vde.com",
          "DATE_PUBLIC": "2022-04-27T10:00:00.000Z",
          "ID": "CVE-2021-34601",
          "STATE": "PUBLIC",
          "TITLE": "Bender Charge Controller: Hardcoded Credentials in Charge Controller"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "CC612",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.11.x",
                            "version_value": "5.11.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.12.x",
                            "version_value": "5.12.5"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.13.x",
                            "version_value": "5.13.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.20.x",
                            "version_value": "5.20.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "CC613",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.11.x",
                            "version_value": "5.11.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.12.x",
                            "version_value": "5.12.5"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.13.x",
                            "version_value": "5.13.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.20.x",
                            "version_value": "5.20.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "ICC15xx",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.11.x",
                            "version_value": "5.11.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.12.x",
                            "version_value": "5.12.5"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.13.x",
                            "version_value": "5.13.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.20.x",
                            "version_value": "5.20.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "ICC16xx",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.11.x",
                            "version_value": "5.11.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.12.x",
                            "version_value": "5.12.5"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.13.x",
                            "version_value": "5.13.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.20.x",
                            "version_value": "5.20.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Bender / ebee"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Bender thanks Qianxin StarV Security Lab, China. The issue was coordinated by CERT@VDE."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded ssh credentials. An attacker may use the password to gain administrative access to the web-UI."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-259 Use of Hard-coded Password"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert.vde.com/en/advisories/VDE-2021-047",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en/advisories/VDE-2021-047"
            }
          ]
        },
        "source": {
          "advisory": "VDE-2021-047",
          "defect": [
            "CERT@VDE#64026"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2021-34601",
    "datePublished": "2022-04-27T15:15:33.375616Z",
    "dateReserved": "2021-06-10T00:00:00",
    "dateUpdated": "2024-09-16T19:47:12.796Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-34592 (GCVE-0-2021-34592)

Vulnerability from cvelistv5 – Published: 2022-04-27 15:15 – Updated: 2024-09-16 22:20
VLAI?
Title
Bender Charge Controller: Command injection via Web interface
Summary
In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields.
Severity ?
8.8 (High)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
Impacted products
Vendor Product Version
Bender / ebee CC612 Affected: 5.11.x , < 5.11.2 (custom)
Affected: 5.12.x , < 5.12.5 (custom)
Affected: 5.13.x , < 5.13.2 (custom)
Affected: 5.20.x , < 5.20.2 (custom)
Create a notification for this product.
    Bender / ebee CC613 Affected: 5.11.x , < 5.11.2 (custom)
Affected: 5.12.x , < 5.12.5 (custom)
Affected: 5.13.x , < 5.13.2 (custom)
Affected: 5.20.x , < 5.20.2 (custom)
Create a notification for this product.
    Bender / ebee ICC15xx Affected: 5.11.x , < 5.11.2 (custom)
Affected: 5.12.x , < 5.12.5 (custom)
Affected: 5.13.x , < 5.13.2 (custom)
Affected: 5.20.x , < 5.20.2 (custom)
Create a notification for this product.
    Bender / ebee ICC16xx Affected: 5.11.x , < 5.11.2 (custom)
Affected: 5.12.x , < 5.12.5 (custom)
Affected: 5.13.x , < 5.13.2 (custom)
Affected: 5.20.x , < 5.20.2 (custom)
Create a notification for this product.
Credits
Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:19:46.971Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en/advisories/VDE-2021-047"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CC612",
          "vendor": "Bender / ebee",
          "versions": [
            {
              "lessThan": "5.11.2",
              "status": "affected",
              "version": "5.11.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.12.5",
              "status": "affected",
              "version": "5.12.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.13.2",
              "status": "affected",
              "version": "5.13.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.20.2",
              "status": "affected",
              "version": "5.20.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "CC613",
          "vendor": "Bender / ebee",
          "versions": [
            {
              "lessThan": "5.11.2",
              "status": "affected",
              "version": "5.11.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.12.5",
              "status": "affected",
              "version": "5.12.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.13.2",
              "status": "affected",
              "version": "5.13.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.20.2",
              "status": "affected",
              "version": "5.20.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "ICC15xx",
          "vendor": "Bender / ebee",
          "versions": [
            {
              "lessThan": "5.11.2",
              "status": "affected",
              "version": "5.11.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.12.5",
              "status": "affected",
              "version": "5.12.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.13.2",
              "status": "affected",
              "version": "5.13.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.20.2",
              "status": "affected",
              "version": "5.20.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "ICC16xx",
          "vendor": "Bender / ebee",
          "versions": [
            {
              "lessThan": "5.11.2",
              "status": "affected",
              "version": "5.11.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.12.5",
              "status": "affected",
              "version": "5.12.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.13.2",
              "status": "affected",
              "version": "5.13.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.20.2",
              "status": "affected",
              "version": "5.20.x",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE."
        }
      ],
      "datePublic": "2022-04-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-27T15:15:31",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en/advisories/VDE-2021-047"
        }
      ],
      "source": {
        "advisory": "VDE-2021-047",
        "defect": [
          "CERT@VDE#64088"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Bender Charge Controller: Command injection via Web interface",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "info@cert.vde.com",
          "DATE_PUBLIC": "2022-04-27T10:00:00.000Z",
          "ID": "CVE-2021-34592",
          "STATE": "PUBLIC",
          "TITLE": "Bender Charge Controller: Command injection via Web interface"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "CC612",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.11.x",
                            "version_value": "5.11.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.12.x",
                            "version_value": "5.12.5"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.13.x",
                            "version_value": "5.13.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.20.x",
                            "version_value": "5.20.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "CC613",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.11.x",
                            "version_value": "5.11.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.12.x",
                            "version_value": "5.12.5"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.13.x",
                            "version_value": "5.13.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.20.x",
                            "version_value": "5.20.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "ICC15xx",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.11.x",
                            "version_value": "5.11.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.12.x",
                            "version_value": "5.12.5"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.13.x",
                            "version_value": "5.13.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.20.x",
                            "version_value": "5.20.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "ICC16xx",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.11.x",
                            "version_value": "5.11.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.12.x",
                            "version_value": "5.12.5"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.13.x",
                            "version_value": "5.13.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.20.x",
                            "version_value": "5.20.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Bender / ebee"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert.vde.com/en/advisories/VDE-2021-047",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en/advisories/VDE-2021-047"
            }
          ]
        },
        "source": {
          "advisory": "VDE-2021-047",
          "defect": [
            "CERT@VDE#64088"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2021-34592",
    "datePublished": "2022-04-27T15:15:31.464112Z",
    "dateReserved": "2021-06-10T00:00:00",
    "dateUpdated": "2024-09-16T22:20:44.822Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-34591 (GCVE-0-2021-34591)

Vulnerability from cvelistv5 – Published: 2022-04-27 15:15 – Updated: 2024-09-16 20:36
VLAI?
Title
Bender Charge Controller: Local privilege Escalation
Summary
In Bender/ebee Charge Controllers in multiple versions are prone to Local privilege Escalation. An authenticated attacker could get root access via the suid applications socat, ip udhcpc and ifplugd.
Severity ?
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-250 - Execution with Unnecessary Privileges
Assigner
References
Impacted products
Vendor Product Version
Bender / ebee CC612 Affected: 5.11.x , < 5.11.2 (custom)
Affected: 5.12.x , < 5.12.5 (custom)
Affected: 5.13.x , < 5.13.2 (custom)
Affected: 5.20.x , < 5.20.2 (custom)
Create a notification for this product.
    Bender / ebee CC613 Affected: 5.11.x , < 5.11.2 (custom)
Affected: 5.12.x , < 5.12.5 (custom)
Affected: 5.13.x , < 5.13.2 (custom)
Affected: 5.20.x , < 5.20.2 (custom)
Create a notification for this product.
    Bender / ebee ICC15xx Affected: 5.11.x , < 5.11.2 (custom)
Affected: 5.12.x , < 5.12.5 (custom)
Affected: 5.13.x , < 5.13.2 (custom)
Affected: 5.20.x , < 5.20.2 (custom)
Create a notification for this product.
    Bender / ebee ICC16xx Affected: 5.11.x , < 5.11.2 (custom)
Affected: 5.12.x , < 5.12.5 (custom)
Affected: 5.13.x , < 5.13.2 (custom)
Affected: 5.20.x , < 5.20.2 (custom)
Create a notification for this product.
Credits
Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:19:46.960Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en/advisories/VDE-2021-047"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CC612",
          "vendor": "Bender / ebee",
          "versions": [
            {
              "lessThan": "5.11.2",
              "status": "affected",
              "version": "5.11.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.12.5",
              "status": "affected",
              "version": "5.12.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.13.2",
              "status": "affected",
              "version": "5.13.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.20.2",
              "status": "affected",
              "version": "5.20.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "CC613",
          "vendor": "Bender / ebee",
          "versions": [
            {
              "lessThan": "5.11.2",
              "status": "affected",
              "version": "5.11.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.12.5",
              "status": "affected",
              "version": "5.12.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.13.2",
              "status": "affected",
              "version": "5.13.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.20.2",
              "status": "affected",
              "version": "5.20.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "ICC15xx",
          "vendor": "Bender / ebee",
          "versions": [
            {
              "lessThan": "5.11.2",
              "status": "affected",
              "version": "5.11.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.12.5",
              "status": "affected",
              "version": "5.12.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.13.2",
              "status": "affected",
              "version": "5.13.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.20.2",
              "status": "affected",
              "version": "5.20.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "ICC16xx",
          "vendor": "Bender / ebee",
          "versions": [
            {
              "lessThan": "5.11.2",
              "status": "affected",
              "version": "5.11.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.12.5",
              "status": "affected",
              "version": "5.12.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.13.2",
              "status": "affected",
              "version": "5.13.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.20.2",
              "status": "affected",
              "version": "5.20.x",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE."
        }
      ],
      "datePublic": "2022-04-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Bender/ebee Charge Controllers in multiple versions are prone to Local privilege Escalation. An authenticated attacker could get root access via the suid applications socat, ip udhcpc and ifplugd."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-250",
              "description": "CWE-250 Execution with Unnecessary Privileges",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-27T15:15:29",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en/advisories/VDE-2021-047"
        }
      ],
      "source": {
        "advisory": "VDE-2021-047",
        "defect": [
          "CERT@VDE#64088"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Bender Charge Controller: Local privilege Escalation",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "info@cert.vde.com",
          "DATE_PUBLIC": "2022-04-27T10:00:00.000Z",
          "ID": "CVE-2021-34591",
          "STATE": "PUBLIC",
          "TITLE": "Bender Charge Controller: Local privilege Escalation"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "CC612",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.11.x",
                            "version_value": "5.11.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.12.x",
                            "version_value": "5.12.5"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.13.x",
                            "version_value": "5.13.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.20.x",
                            "version_value": "5.20.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "CC613",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.11.x",
                            "version_value": "5.11.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.12.x",
                            "version_value": "5.12.5"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.13.x",
                            "version_value": "5.13.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.20.x",
                            "version_value": "5.20.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "ICC15xx",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.11.x",
                            "version_value": "5.11.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.12.x",
                            "version_value": "5.12.5"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.13.x",
                            "version_value": "5.13.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.20.x",
                            "version_value": "5.20.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "ICC16xx",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.11.x",
                            "version_value": "5.11.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.12.x",
                            "version_value": "5.12.5"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.13.x",
                            "version_value": "5.13.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.20.x",
                            "version_value": "5.20.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Bender / ebee"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Bender/ebee Charge Controllers in multiple versions are prone to Local privilege Escalation. An authenticated attacker could get root access via the suid applications socat, ip udhcpc and ifplugd."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-250 Execution with Unnecessary Privileges"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert.vde.com/en/advisories/VDE-2021-047",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en/advisories/VDE-2021-047"
            }
          ]
        },
        "source": {
          "advisory": "VDE-2021-047",
          "defect": [
            "CERT@VDE#64088"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2021-34591",
    "datePublished": "2022-04-27T15:15:30.014135Z",
    "dateReserved": "2021-06-10T00:00:00",
    "dateUpdated": "2024-09-16T20:36:53.897Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-34590 (GCVE-0-2021-34590)

Vulnerability from cvelistv5 – Published: 2022-04-27 15:15 – Updated: 2024-09-16 22:01
VLAI?
Title
Bender Charge Controller: Cross-site Scripting
Summary
In Bender/ebee Charge Controllers in multiple versions are prone to Cross-site Scripting. An authenticated attacker could write HTML Code into configuration values. These values are not properly escaped when displayed.
Severity ?
5.4 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CWE
  • CWE-79 - Cross-site Scripting (XSS)
Assigner
References
Impacted products
Vendor Product Version
Bender / ebee CC612 Affected: 5.11.x , < 5.11.2 (custom)
Affected: 5.12.x , < 5.12.5 (custom)
Affected: 5.13.x , < 5.13.2 (custom)
Affected: 5.20.x , < 5.20.2 (custom)
Create a notification for this product.
    Bender / ebee CC613 Affected: 5.11.x , < 5.11.2 (custom)
Affected: 5.12.x , < 5.12.5 (custom)
Affected: 5.13.x , < 5.13.2 (custom)
Affected: 5.20.x , < 5.20.2 (custom)
Create a notification for this product.
    Bender / ebee ICC15xx Affected: 5.11.x , < 5.11.2 (custom)
Affected: 5.12.x , < 5.12.5 (custom)
Affected: 5.13.x , < 5.13.2 (custom)
Affected: 5.20.x , < 5.20.2 (custom)
Create a notification for this product.
    Bender / ebee ICC16xx Affected: 5.11.x , < 5.11.2 (custom)
Affected: 5.12.x , < 5.12.5 (custom)
Affected: 5.13.x , < 5.13.2 (custom)
Affected: 5.20.x , < 5.20.2 (custom)
Create a notification for this product.
Credits
Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:19:46.929Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en/advisories/VDE-2021-047"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CC612",
          "vendor": "Bender / ebee",
          "versions": [
            {
              "lessThan": "5.11.2",
              "status": "affected",
              "version": "5.11.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.12.5",
              "status": "affected",
              "version": "5.12.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.13.2",
              "status": "affected",
              "version": "5.13.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.20.2",
              "status": "affected",
              "version": "5.20.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "CC613",
          "vendor": "Bender / ebee",
          "versions": [
            {
              "lessThan": "5.11.2",
              "status": "affected",
              "version": "5.11.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.12.5",
              "status": "affected",
              "version": "5.12.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.13.2",
              "status": "affected",
              "version": "5.13.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.20.2",
              "status": "affected",
              "version": "5.20.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "ICC15xx",
          "vendor": "Bender / ebee",
          "versions": [
            {
              "lessThan": "5.11.2",
              "status": "affected",
              "version": "5.11.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.12.5",
              "status": "affected",
              "version": "5.12.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.13.2",
              "status": "affected",
              "version": "5.13.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.20.2",
              "status": "affected",
              "version": "5.20.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "ICC16xx",
          "vendor": "Bender / ebee",
          "versions": [
            {
              "lessThan": "5.11.2",
              "status": "affected",
              "version": "5.11.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.12.5",
              "status": "affected",
              "version": "5.12.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.13.2",
              "status": "affected",
              "version": "5.13.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.20.2",
              "status": "affected",
              "version": "5.20.x",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE."
        }
      ],
      "datePublic": "2022-04-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Bender/ebee Charge Controllers in multiple versions are prone to Cross-site Scripting. An authenticated attacker could write HTML Code into configuration values. These values are not properly escaped when displayed."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross-site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-27T15:15:28",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en/advisories/VDE-2021-047"
        }
      ],
      "source": {
        "advisory": "VDE-2021-047",
        "defect": [
          "CERT@VDE#64088"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Bender Charge Controller: Cross-site Scripting",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "info@cert.vde.com",
          "DATE_PUBLIC": "2022-04-27T10:00:00.000Z",
          "ID": "CVE-2021-34590",
          "STATE": "PUBLIC",
          "TITLE": "Bender Charge Controller: Cross-site Scripting"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "CC612",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.11.x",
                            "version_value": "5.11.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.12.x",
                            "version_value": "5.12.5"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.13.x",
                            "version_value": "5.13.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.20.x",
                            "version_value": "5.20.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "CC613",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.11.x",
                            "version_value": "5.11.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.12.x",
                            "version_value": "5.12.5"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.13.x",
                            "version_value": "5.13.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.20.x",
                            "version_value": "5.20.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "ICC15xx",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.11.x",
                            "version_value": "5.11.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.12.x",
                            "version_value": "5.12.5"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.13.x",
                            "version_value": "5.13.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.20.x",
                            "version_value": "5.20.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "ICC16xx",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.11.x",
                            "version_value": "5.11.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.12.x",
                            "version_value": "5.12.5"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.13.x",
                            "version_value": "5.13.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.20.x",
                            "version_value": "5.20.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Bender / ebee"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Bender/ebee Charge Controllers in multiple versions are prone to Cross-site Scripting. An authenticated attacker could write HTML Code into configuration values. These values are not properly escaped when displayed."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79 Cross-site Scripting (XSS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert.vde.com/en/advisories/VDE-2021-047",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en/advisories/VDE-2021-047"
            }
          ]
        },
        "source": {
          "advisory": "VDE-2021-047",
          "defect": [
            "CERT@VDE#64088"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2021-34590",
    "datePublished": "2022-04-27T15:15:28.655810Z",
    "dateReserved": "2021-06-10T00:00:00",
    "dateUpdated": "2024-09-16T22:01:39.627Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-34589 (GCVE-0-2021-34589)

Vulnerability from cvelistv5 – Published: 2022-04-27 15:15 – Updated: 2024-09-16 21:08
VLAI?
Title
Bender Charge Controller: RFID leak
Summary
In Bender/ebee Charge Controllers in multiple versions are prone to an RFID leak. The RFID of the last charge event can be read without authentication via the web interface.
Severity ?
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE
Assigner
References
Impacted products
Vendor Product Version
Bender / ebee CC612 Affected: 5.11.x , < 5.11.2 (custom)
Affected: 5.12.x , < 5.12.5 (custom)
Affected: 5.13.x , < 5.13.2 (custom)
Affected: 5.20.x , < 5.20.2 (custom)
Create a notification for this product.
    Bender / ebee CC613 Affected: 5.11.x , < 5.11.2 (custom)
Affected: 5.12.x , < 5.12.5 (custom)
Affected: 5.13.x , < 5.13.2 (custom)
Affected: 5.20.x , < 5.20.2 (custom)
Create a notification for this product.
    Bender / ebee ICC15xx Affected: 5.11.x , < 5.11.2 (custom)
Affected: 5.12.x , < 5.12.5 (custom)
Affected: 5.13.x , < 5.13.2 (custom)
Affected: 5.20.x , < 5.20.2 (custom)
Create a notification for this product.
    Bender / ebee ICC16xx Affected: 5.11.x , < 5.11.2 (custom)
Affected: 5.12.x , < 5.12.5 (custom)
Affected: 5.13.x , < 5.13.2 (custom)
Affected: 5.20.x , < 5.20.2 (custom)
Create a notification for this product.
Credits
Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:19:46.936Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en/advisories/VDE-2021-047"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CC612",
          "vendor": "Bender / ebee",
          "versions": [
            {
              "lessThan": "5.11.2",
              "status": "affected",
              "version": "5.11.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.12.5",
              "status": "affected",
              "version": "5.12.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.13.2",
              "status": "affected",
              "version": "5.13.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.20.2",
              "status": "affected",
              "version": "5.20.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "CC613",
          "vendor": "Bender / ebee",
          "versions": [
            {
              "lessThan": "5.11.2",
              "status": "affected",
              "version": "5.11.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.12.5",
              "status": "affected",
              "version": "5.12.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.13.2",
              "status": "affected",
              "version": "5.13.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.20.2",
              "status": "affected",
              "version": "5.20.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "ICC15xx",
          "vendor": "Bender / ebee",
          "versions": [
            {
              "lessThan": "5.11.2",
              "status": "affected",
              "version": "5.11.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.12.5",
              "status": "affected",
              "version": "5.12.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.13.2",
              "status": "affected",
              "version": "5.13.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.20.2",
              "status": "affected",
              "version": "5.20.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "ICC16xx",
          "vendor": "Bender / ebee",
          "versions": [
            {
              "lessThan": "5.11.2",
              "status": "affected",
              "version": "5.11.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.12.5",
              "status": "affected",
              "version": "5.12.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.13.2",
              "status": "affected",
              "version": "5.13.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.20.2",
              "status": "affected",
              "version": "5.20.x",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE."
        }
      ],
      "datePublic": "2022-04-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Bender/ebee Charge Controllers in multiple versions are prone to an RFID leak. The RFID of the last charge event can be read without authentication via the web interface."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200 Information Exposure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-27T15:15:27",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en/advisories/VDE-2021-047"
        }
      ],
      "source": {
        "advisory": "VDE-2021-047",
        "defect": [
          "CERT@VDE#64088"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Bender Charge Controller: RFID leak",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "info@cert.vde.com",
          "DATE_PUBLIC": "2022-04-27T10:00:00.000Z",
          "ID": "CVE-2021-34589",
          "STATE": "PUBLIC",
          "TITLE": "Bender Charge Controller: RFID leak"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "CC612",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.11.x",
                            "version_value": "5.11.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.12.x",
                            "version_value": "5.12.5"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.13.x",
                            "version_value": "5.13.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.20.x",
                            "version_value": "5.20.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "CC613",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.11.x",
                            "version_value": "5.11.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.12.x",
                            "version_value": "5.12.5"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.13.x",
                            "version_value": "5.13.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.20.x",
                            "version_value": "5.20.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "ICC15xx",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.11.x",
                            "version_value": "5.11.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.12.x",
                            "version_value": "5.12.5"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.13.x",
                            "version_value": "5.13.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.20.x",
                            "version_value": "5.20.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "ICC16xx",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.11.x",
                            "version_value": "5.11.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.12.x",
                            "version_value": "5.12.5"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.13.x",
                            "version_value": "5.13.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.20.x",
                            "version_value": "5.20.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Bender / ebee"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Bender/ebee Charge Controllers in multiple versions are prone to an RFID leak. The RFID of the last charge event can be read without authentication via the web interface."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200 Information Exposure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert.vde.com/en/advisories/VDE-2021-047",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en/advisories/VDE-2021-047"
            }
          ]
        },
        "source": {
          "advisory": "VDE-2021-047",
          "defect": [
            "CERT@VDE#64088"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2021-34589",
    "datePublished": "2022-04-27T15:15:27.151287Z",
    "dateReserved": "2021-06-10T00:00:00",
    "dateUpdated": "2024-09-16T21:08:59.841Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-34588 (GCVE-0-2021-34588)

Vulnerability from cvelistv5 – Published: 2022-04-27 15:15 – Updated: 2024-09-16 21:07
VLAI?
Title
Bender Charge Controller: Unprotected data export
Summary
In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot .
Severity ?
8.6 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
CWE
  • CWE-425 - Direct Request (Forced Browsing)
Assigner
References
Impacted products
Vendor Product Version
Bender / ebee CC612 Affected: 5.11.x , < 5.11.2 (custom)
Affected: 5.12.x , < 5.12.5 (custom)
Affected: 5.13.x , < 5.13.2 (custom)
Affected: 5.20.x , < 5.20.2 (custom)
Create a notification for this product.
    Bender / ebee CC613 Affected: 5.11.x , < 5.11.2 (custom)
Affected: 5.12.x , < 5.12.5 (custom)
Affected: 5.13.x , < 5.13.2 (custom)
Affected: 5.20.x , < 5.20.2 (custom)
Create a notification for this product.
    Bender / ebee ICC15xx Affected: 5.11.x , < 5.11.2 (custom)
Affected: 5.12.x , < 5.12.5 (custom)
Affected: 5.13.x , < 5.13.2 (custom)
Affected: 5.20.x , < 5.20.2 (custom)
Create a notification for this product.
    Bender / ebee ICC16xx Affected: 5.11.x , < 5.11.2 (custom)
Affected: 5.12.x , < 5.12.5 (custom)
Affected: 5.13.x , < 5.13.2 (custom)
Affected: 5.20.x , < 5.20.2 (custom)
Create a notification for this product.
Credits
Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:19:46.981Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en/advisories/VDE-2021-047"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CC612",
          "vendor": "Bender / ebee",
          "versions": [
            {
              "lessThan": "5.11.2",
              "status": "affected",
              "version": "5.11.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.12.5",
              "status": "affected",
              "version": "5.12.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.13.2",
              "status": "affected",
              "version": "5.13.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.20.2",
              "status": "affected",
              "version": "5.20.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "CC613",
          "vendor": "Bender / ebee",
          "versions": [
            {
              "lessThan": "5.11.2",
              "status": "affected",
              "version": "5.11.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.12.5",
              "status": "affected",
              "version": "5.12.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.13.2",
              "status": "affected",
              "version": "5.13.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.20.2",
              "status": "affected",
              "version": "5.20.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "ICC15xx",
          "vendor": "Bender / ebee",
          "versions": [
            {
              "lessThan": "5.11.2",
              "status": "affected",
              "version": "5.11.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.12.5",
              "status": "affected",
              "version": "5.12.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.13.2",
              "status": "affected",
              "version": "5.13.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.20.2",
              "status": "affected",
              "version": "5.20.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "ICC16xx",
          "vendor": "Bender / ebee",
          "versions": [
            {
              "lessThan": "5.11.2",
              "status": "affected",
              "version": "5.11.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.12.5",
              "status": "affected",
              "version": "5.12.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.13.2",
              "status": "affected",
              "version": "5.13.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.20.2",
              "status": "affected",
              "version": "5.20.x",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE."
        }
      ],
      "datePublic": "2022-04-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot ."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-425",
              "description": "CWE-425 Direct Request (Forced Browsing)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-27T15:15:25",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en/advisories/VDE-2021-047"
        }
      ],
      "source": {
        "advisory": "VDE-2021-047",
        "defect": [
          "CERT@VDE#64088"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Bender Charge Controller: Unprotected data export",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "info@cert.vde.com",
          "DATE_PUBLIC": "2022-04-27T10:00:00.000Z",
          "ID": "CVE-2021-34588",
          "STATE": "PUBLIC",
          "TITLE": "Bender Charge Controller: Unprotected data export"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "CC612",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.11.x",
                            "version_value": "5.11.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.12.x",
                            "version_value": "5.12.5"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.13.x",
                            "version_value": "5.13.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.20.x",
                            "version_value": "5.20.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "CC613",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.11.x",
                            "version_value": "5.11.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.12.x",
                            "version_value": "5.12.5"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.13.x",
                            "version_value": "5.13.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.20.x",
                            "version_value": "5.20.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "ICC15xx",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.11.x",
                            "version_value": "5.11.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.12.x",
                            "version_value": "5.12.5"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.13.x",
                            "version_value": "5.13.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.20.x",
                            "version_value": "5.20.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "ICC16xx",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.11.x",
                            "version_value": "5.11.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.12.x",
                            "version_value": "5.12.5"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.13.x",
                            "version_value": "5.13.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.20.x",
                            "version_value": "5.20.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Bender / ebee"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot ."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-425 Direct Request (Forced Browsing)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert.vde.com/en/advisories/VDE-2021-047",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en/advisories/VDE-2021-047"
            }
          ]
        },
        "source": {
          "advisory": "VDE-2021-047",
          "defect": [
            "CERT@VDE#64088"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2021-34588",
    "datePublished": "2022-04-27T15:15:25.652629Z",
    "dateReserved": "2021-06-10T00:00:00",
    "dateUpdated": "2024-09-16T21:07:21.537Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-34587 (GCVE-0-2021-34587)

Vulnerability from cvelistv5 – Published: 2022-04-27 15:15 – Updated: 2024-09-17 02:58
VLAI?
Title
Bender Charge Controller: Long URL could lead to webserver crash
Summary
In Bender/ebee Charge Controllers in multiple versions a long URL could lead to webserver crash. The URL is used as input of an sprintf to a stack variable.
Severity ?
5.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
Vendor Product Version
Bender / ebee CC612 Affected: 5.11.x , < 5.11.2 (custom)
Affected: 5.12.x , < 5.12.5 (custom)
Affected: 5.13.x , < 5.13.2 (custom)
Affected: 5.20.x , < 5.20.2 (custom)
Create a notification for this product.
    Bender / ebee CC613 Affected: 5.11.x , < 5.11.2 (custom)
Affected: 5.12.x , < 5.12.5 (custom)
Affected: 5.13.x , < 5.13.2 (custom)
Affected: 5.20.x , < 5.20.2 (custom)
Create a notification for this product.
    Bender / ebee ICC15xx Affected: 5.11.x , < 5.11.2 (custom)
Affected: 5.12.x , < 5.12.5 (custom)
Affected: 5.13.x , < 5.13.2 (custom)
Affected: 5.20.x , < 5.20.2 (custom)
Create a notification for this product.
    Bender / ebee ICC16xx Affected: 5.11.x , < 5.11.2 (custom)
Affected: 5.12.x , < 5.12.5 (custom)
Affected: 5.13.x , < 5.13.2 (custom)
Affected: 5.20.x , < 5.20.2 (custom)
Create a notification for this product.
Credits
Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:19:46.977Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en/advisories/VDE-2021-047"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CC612",
          "vendor": "Bender / ebee",
          "versions": [
            {
              "lessThan": "5.11.2",
              "status": "affected",
              "version": "5.11.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.12.5",
              "status": "affected",
              "version": "5.12.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.13.2",
              "status": "affected",
              "version": "5.13.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.20.2",
              "status": "affected",
              "version": "5.20.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "CC613",
          "vendor": "Bender / ebee",
          "versions": [
            {
              "lessThan": "5.11.2",
              "status": "affected",
              "version": "5.11.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.12.5",
              "status": "affected",
              "version": "5.12.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.13.2",
              "status": "affected",
              "version": "5.13.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.20.2",
              "status": "affected",
              "version": "5.20.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "ICC15xx",
          "vendor": "Bender / ebee",
          "versions": [
            {
              "lessThan": "5.11.2",
              "status": "affected",
              "version": "5.11.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.12.5",
              "status": "affected",
              "version": "5.12.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.13.2",
              "status": "affected",
              "version": "5.13.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.20.2",
              "status": "affected",
              "version": "5.20.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "ICC16xx",
          "vendor": "Bender / ebee",
          "versions": [
            {
              "lessThan": "5.11.2",
              "status": "affected",
              "version": "5.11.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.12.5",
              "status": "affected",
              "version": "5.12.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.13.2",
              "status": "affected",
              "version": "5.13.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.20.2",
              "status": "affected",
              "version": "5.20.x",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE."
        }
      ],
      "datePublic": "2022-04-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Bender/ebee Charge Controllers in multiple versions a long URL could lead to webserver crash. The URL is used as input of an sprintf to a stack variable."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-27T15:15:23",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en/advisories/VDE-2021-047"
        }
      ],
      "source": {
        "advisory": "VDE-2021-047",
        "defect": [
          "CERT@VDE#64088"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Bender Charge Controller: Long URL could lead to webserver crash",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "info@cert.vde.com",
          "DATE_PUBLIC": "2022-04-27T10:00:00.000Z",
          "ID": "CVE-2021-34587",
          "STATE": "PUBLIC",
          "TITLE": "Bender Charge Controller: Long URL could lead to webserver crash"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "CC612",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.11.x",
                            "version_value": "5.11.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.12.x",
                            "version_value": "5.12.5"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.13.x",
                            "version_value": "5.13.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.20.x",
                            "version_value": "5.20.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "CC613",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.11.x",
                            "version_value": "5.11.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.12.x",
                            "version_value": "5.12.5"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.13.x",
                            "version_value": "5.13.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.20.x",
                            "version_value": "5.20.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "ICC15xx",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.11.x",
                            "version_value": "5.11.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.12.x",
                            "version_value": "5.12.5"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.13.x",
                            "version_value": "5.13.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.20.x",
                            "version_value": "5.20.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "ICC16xx",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.11.x",
                            "version_value": "5.11.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.12.x",
                            "version_value": "5.12.5"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.13.x",
                            "version_value": "5.13.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.20.x",
                            "version_value": "5.20.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Bender / ebee"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Bender/ebee Charge Controllers in multiple versions a long URL could lead to webserver crash. The URL is used as input of an sprintf to a stack variable."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-121 Stack-based Buffer Overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert.vde.com/en/advisories/VDE-2021-047",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en/advisories/VDE-2021-047"
            }
          ]
        },
        "source": {
          "advisory": "VDE-2021-047",
          "defect": [
            "CERT@VDE#64088"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2021-34587",
    "datePublished": "2022-04-27T15:15:24.084444Z",
    "dateReserved": "2021-06-10T00:00:00",
    "dateUpdated": "2024-09-17T02:58:12.456Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}