CVE-2021-34588 (GCVE-0-2021-34588)
Vulnerability from cvelistv5 – Published: 2022-04-27 15:15 – Updated: 2024-09-16 21:07
VLAI?
Summary
In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot .
Severity ?
8.6 (High)
CWE
- CWE-425 - Direct Request (Forced Browsing)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Bender / ebee | CC612 |
Affected:
5.11.x , < 5.11.2
(custom)
Affected: 5.12.x , < 5.12.5 (custom) Affected: 5.13.x , < 5.13.2 (custom) Affected: 5.20.x , < 5.20.2 (custom) |
|||||||||||||||||
|
|||||||||||||||||||
Credits
Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:46.981Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-047"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CC612",
"vendor": "Bender / ebee",
"versions": [
{
"lessThan": "5.11.2",
"status": "affected",
"version": "5.11.x",
"versionType": "custom"
},
{
"lessThan": "5.12.5",
"status": "affected",
"version": "5.12.x",
"versionType": "custom"
},
{
"lessThan": "5.13.2",
"status": "affected",
"version": "5.13.x",
"versionType": "custom"
},
{
"lessThan": "5.20.2",
"status": "affected",
"version": "5.20.x",
"versionType": "custom"
}
]
},
{
"product": "CC613",
"vendor": "Bender / ebee",
"versions": [
{
"lessThan": "5.11.2",
"status": "affected",
"version": "5.11.x",
"versionType": "custom"
},
{
"lessThan": "5.12.5",
"status": "affected",
"version": "5.12.x",
"versionType": "custom"
},
{
"lessThan": "5.13.2",
"status": "affected",
"version": "5.13.x",
"versionType": "custom"
},
{
"lessThan": "5.20.2",
"status": "affected",
"version": "5.20.x",
"versionType": "custom"
}
]
},
{
"product": "ICC15xx",
"vendor": "Bender / ebee",
"versions": [
{
"lessThan": "5.11.2",
"status": "affected",
"version": "5.11.x",
"versionType": "custom"
},
{
"lessThan": "5.12.5",
"status": "affected",
"version": "5.12.x",
"versionType": "custom"
},
{
"lessThan": "5.13.2",
"status": "affected",
"version": "5.13.x",
"versionType": "custom"
},
{
"lessThan": "5.20.2",
"status": "affected",
"version": "5.20.x",
"versionType": "custom"
}
]
},
{
"product": "ICC16xx",
"vendor": "Bender / ebee",
"versions": [
{
"lessThan": "5.11.2",
"status": "affected",
"version": "5.11.x",
"versionType": "custom"
},
{
"lessThan": "5.12.5",
"status": "affected",
"version": "5.12.x",
"versionType": "custom"
},
{
"lessThan": "5.13.2",
"status": "affected",
"version": "5.13.x",
"versionType": "custom"
},
{
"lessThan": "5.20.2",
"status": "affected",
"version": "5.20.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE."
}
],
"datePublic": "2022-04-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot ."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-425",
"description": "CWE-425 Direct Request (Forced Browsing)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-27T15:15:25",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-047"
}
],
"source": {
"advisory": "VDE-2021-047",
"defect": [
"CERT@VDE#64088"
],
"discovery": "EXTERNAL"
},
"title": "Bender Charge Controller: Unprotected data export",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-04-27T10:00:00.000Z",
"ID": "CVE-2021-34588",
"STATE": "PUBLIC",
"TITLE": "Bender Charge Controller: Unprotected data export"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CC612",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "\u003c",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "\u003c",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "\u003c",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "CC613",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "\u003c",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "\u003c",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "\u003c",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "ICC15xx",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "\u003c",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "\u003c",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "\u003c",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
},
{
"product_name": "ICC16xx",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.11.x",
"version_value": "5.11.2"
},
{
"version_affected": "\u003c",
"version_name": "5.12.x",
"version_value": "5.12.5"
},
{
"version_affected": "\u003c",
"version_name": "5.13.x",
"version_value": "5.13.2"
},
{
"version_affected": "\u003c",
"version_name": "5.20.x",
"version_value": "5.20.2"
}
]
}
}
]
},
"vendor_name": "Bender / ebee"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot ."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-425 Direct Request (Forced Browsing)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en/advisories/VDE-2021-047",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2021-047"
}
]
},
"source": {
"advisory": "VDE-2021-047",
"defect": [
"CERT@VDE#64088"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-34588",
"datePublished": "2022-04-27T15:15:25.652629Z",
"dateReserved": "2021-06-10T00:00:00",
"dateUpdated": "2024-09-16T21:07:21.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.11.0\", \"versionEndExcluding\": \"5.11.2\", \"matchCriteriaId\": \"81AED2C8-71EE-4BFC-949C-D63F998CD1ED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.12.0\", \"versionEndExcluding\": \"5.12.5\", \"matchCriteriaId\": \"609125CC-4748-4507-8CF2-1752FF89B203\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.13.0\", \"versionEndExcluding\": \"5.13.2\", \"matchCriteriaId\": \"C6FEC2C0-7F12-434A-9070-9A0F19379D25\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.20.0\", \"versionEndExcluding\": \"5.20.2\", \"matchCriteriaId\": \"E80EBD0C-D852-4EF7-B0EA-89124683939C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:bender:cc612:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B48F3A5-C59D-40B6-ADBB-76FA536C78FE\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.11.0\", \"versionEndExcluding\": \"5.11.2\", \"matchCriteriaId\": \"4B078039-C644-42DE-8122-300415D69854\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.12.0\", \"versionEndExcluding\": \"5.12.5\", \"matchCriteriaId\": \"D687057F-58C9-4463-BEF2-BE4CA428F9AD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.13.0\", \"versionEndExcluding\": \"5.13.2\", \"matchCriteriaId\": \"88D208BE-6401-489E-BBE7-1ABBEB14CF52\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.20.0\", \"versionEndExcluding\": \"5.20.2\", \"matchCriteriaId\": \"0B36AF92-1F52-45AA-BAAF-0D94EB0B2FF2\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:bender:cc613:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2FEFDDEB-23FB-474C-9A91-EDA35837D34B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.11.0\", \"versionEndExcluding\": \"5.11.2\", \"matchCriteriaId\": \"4B078039-C644-42DE-8122-300415D69854\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.12.0\", \"versionEndExcluding\": \"5.12.5\", \"matchCriteriaId\": \"D687057F-58C9-4463-BEF2-BE4CA428F9AD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.13.0\", \"versionEndExcluding\": \"5.13.2\", \"matchCriteriaId\": \"88D208BE-6401-489E-BBE7-1ABBEB14CF52\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.20.0\", \"versionEndExcluding\": \"5.20.2\", \"matchCriteriaId\": \"0B36AF92-1F52-45AA-BAAF-0D94EB0B2FF2\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:bender:cc613:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2FEFDDEB-23FB-474C-9A91-EDA35837D34B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.11.0\", \"versionEndExcluding\": \"5.11.2\", \"matchCriteriaId\": \"4B078039-C644-42DE-8122-300415D69854\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.12.0\", \"versionEndExcluding\": \"5.12.5\", \"matchCriteriaId\": \"D687057F-58C9-4463-BEF2-BE4CA428F9AD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.13.0\", \"versionEndExcluding\": \"5.13.2\", \"matchCriteriaId\": \"88D208BE-6401-489E-BBE7-1ABBEB14CF52\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.20.0\", \"versionEndExcluding\": \"5.20.2\", \"matchCriteriaId\": \"0B36AF92-1F52-45AA-BAAF-0D94EB0B2FF2\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:bender:cc613:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2FEFDDEB-23FB-474C-9A91-EDA35837D34B\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot .\"}, {\"lang\": \"es\", \"value\": \"En los Controladores de Carga Bender/ebee en m\\u00faltiples versiones son propensos a una exportaci\\u00f3n de datos sin protecci\\u00f3n. La exportaci\\u00f3n de copias de seguridad est\\u00e1 protegida por medio de una clave aleatoria. La clave es establecida en el inicio de sesi\\u00f3n del usuario. Est\\u00e1 vac\\u00eda despu\\u00e9s de reiniciar\"}]",
"id": "CVE-2021-34588",
"lastModified": "2024-11-21T06:10:45.817",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"info@cert.vde.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N\", \"baseScore\": 8.6, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 4.0}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N\", \"baseScore\": 8.6, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 4.0}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2022-04-27T16:15:10.870",
"references": "[{\"url\": \"https://cert.vde.com/en/advisories/VDE-2021-047\", \"source\": \"info@cert.vde.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://cert.vde.com/en/advisories/VDE-2021-047\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"info@cert.vde.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-425\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-34588\",\"sourceIdentifier\":\"info@cert.vde.com\",\"published\":\"2022-04-27T16:15:10.870\",\"lastModified\":\"2024-11-21T06:10:45.817\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot .\"},{\"lang\":\"es\",\"value\":\"En los Controladores de Carga Bender/ebee en m\u00faltiples versiones son propensos a una exportaci\u00f3n de datos sin protecci\u00f3n. La exportaci\u00f3n de copias de seguridad est\u00e1 protegida por medio de una clave aleatoria. La clave es establecida en el inicio de sesi\u00f3n del usuario. Est\u00e1 vac\u00eda despu\u00e9s de reiniciar\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":8.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":4.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":8.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":4.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-425\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11.0\",\"versionEndExcluding\":\"5.11.2\",\"matchCriteriaId\":\"81AED2C8-71EE-4BFC-949C-D63F998CD1ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.12.0\",\"versionEndExcluding\":\"5.12.5\",\"matchCriteriaId\":\"609125CC-4748-4507-8CF2-1752FF89B203\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.13.0\",\"versionEndExcluding\":\"5.13.2\",\"matchCriteriaId\":\"C6FEC2C0-7F12-434A-9070-9A0F19379D25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.20.0\",\"versionEndExcluding\":\"5.20.2\",\"matchCriteriaId\":\"E80EBD0C-D852-4EF7-B0EA-89124683939C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:bender:cc612:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B48F3A5-C59D-40B6-ADBB-76FA536C78FE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11.0\",\"versionEndExcluding\":\"5.11.2\",\"matchCriteriaId\":\"4B078039-C644-42DE-8122-300415D69854\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.12.0\",\"versionEndExcluding\":\"5.12.5\",\"matchCriteriaId\":\"D687057F-58C9-4463-BEF2-BE4CA428F9AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.13.0\",\"versionEndExcluding\":\"5.13.2\",\"matchCriteriaId\":\"88D208BE-6401-489E-BBE7-1ABBEB14CF52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.20.0\",\"versionEndExcluding\":\"5.20.2\",\"matchCriteriaId\":\"0B36AF92-1F52-45AA-BAAF-0D94EB0B2FF2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:bender:cc613:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FEFDDEB-23FB-474C-9A91-EDA35837D34B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11.0\",\"versionEndExcluding\":\"5.11.2\",\"matchCriteriaId\":\"4B078039-C644-42DE-8122-300415D69854\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.12.0\",\"versionEndExcluding\":\"5.12.5\",\"matchCriteriaId\":\"D687057F-58C9-4463-BEF2-BE4CA428F9AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.13.0\",\"versionEndExcluding\":\"5.13.2\",\"matchCriteriaId\":\"88D208BE-6401-489E-BBE7-1ABBEB14CF52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.20.0\",\"versionEndExcluding\":\"5.20.2\",\"matchCriteriaId\":\"0B36AF92-1F52-45AA-BAAF-0D94EB0B2FF2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:bender:cc613:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FEFDDEB-23FB-474C-9A91-EDA35837D34B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11.0\",\"versionEndExcluding\":\"5.11.2\",\"matchCriteriaId\":\"4B078039-C644-42DE-8122-300415D69854\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.12.0\",\"versionEndExcluding\":\"5.12.5\",\"matchCriteriaId\":\"D687057F-58C9-4463-BEF2-BE4CA428F9AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.13.0\",\"versionEndExcluding\":\"5.13.2\",\"matchCriteriaId\":\"88D208BE-6401-489E-BBE7-1ABBEB14CF52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.20.0\",\"versionEndExcluding\":\"5.20.2\",\"matchCriteriaId\":\"0B36AF92-1F52-45AA-BAAF-0D94EB0B2FF2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:bender:cc613:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FEFDDEB-23FB-474C-9A91-EDA35837D34B\"}]}]}],\"references\":[{\"url\":\"https://cert.vde.com/en/advisories/VDE-2021-047\",\"source\":\"info@cert.vde.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert.vde.com/en/advisories/VDE-2021-047\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…