Lucene search

[email protected]NVD:CVE-2021-34589

HistoryApr 27, 2022 - 4:15 p.m.

CVE-2021-34589

2022-04-2716:15:10

CWE-200

[email protected]

web.nvd.nist.gov

bender/ebee charge controllers

rfid leak

web interface

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

51.4%

JSON

In Bender/ebee Charge Controllers in multiple versions are prone to an RFID leak. The RFID of the last charge event can be read without authentication via the web interface.

Affected configurations

Nvd

Node

bendercc612_firmwareRange5.11.0–5.11.2

bendercc612_firmwareRange5.12.0–5.12.5

bendercc612_firmwareRange5.13.0–5.13.2

bendercc612_firmwareRange5.20.0–5.20.2

AND

bendercc612Match-

Node

bendercc613_firmwareRange5.11.0–5.11.2

bendercc613_firmwareRange5.13.0–5.13.2

bendercc613_firmwareRange5.20.0–5.20.2

bendericc613_firmwareRange5.12.0–5.12.5

AND

bendercc613Match-

Node

bendericc15xx_firmwareRange5.11.0–5.11.2

bendericc15xx_firmwareRange5.12.0–5.12.5

bendericc15xx_firmwareRange5.13.0–5.13.2

bendericc15xx_firmwareRange5.20.0–5.20.2

AND

bendericc15xxMatch-

Node

bendericc16xx_firmwareRange5.11.0–5.11.2

bendericc16xx_firmwareRange5.12.0–5.12.5

bendericc16xx_firmwareRange5.13.0–5.13.2

bendericc16xx_firmwareRange5.20.0–5.20.2

AND

bendericc16xxMatch-

VendorProductVersionCPE
bendercc612_firmware*cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*
bendercc612-cpe:2.3:h:bender:cc612:-:*:*:*:*:*:*:*
bendercc613_firmware*cpe:2.3:o:bender:cc613_firmware:*:*:*:*:*:*:*:*
bendericc613_firmware*cpe:2.3:o:bender:icc613_firmware:*:*:*:*:*:*:*:*
bendercc613-cpe:2.3:h:bender:cc613:-:*:*:*:*:*:*:*
bendericc15xx_firmware*cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*
bendericc15xx-cpe:2.3:h:bender:icc15xx:-:*:*:*:*:*:*:*
bendericc16xx_firmware*cpe:2.3:o:bender:icc16xx_firmware:*:*:*:*:*:*:*:*
bendericc16xx-cpe:2.3:h:bender:icc16xx:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
bender	cc612_firmware	*	cpe:2.3:o:bender:cc612_firmware::::::::
bender	cc612	-	cpe:2.3:h:bender:cc612:-:::::::*
bender	cc613_firmware	*	cpe:2.3:o:bender:cc613_firmware::::::::
bender	icc613_firmware	*	cpe:2.3:o:bender:icc613_firmware::::::::
bender	cc613	-	cpe:2.3:h:bender:cc613:-:::::::*
bender	icc15xx_firmware	*	cpe:2.3:o:bender:icc15xx_firmware::::::::
bender	icc15xx	-	cpe:2.3:h:bender:icc15xx:-:::::::*
bender	icc16xx_firmware	*	cpe:2.3:o:bender:icc16xx_firmware::::::::
bender	icc16xx	-	cpe:2.3:h:bender:icc16xx:-:::::::*

References

cert.vde.com/en/advisories/VDE-2021-047

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

51.4%

JSON

Related for NVD:CVE-2021-34589

prion1 cve1 cvelist1