CVE-2021-34601
27.04.2022, 16:15
In Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded ssh credentials. An attacker may use the password to gain administrative access to the web-UI.Enginsight
| Vendor | Product | Version |
|---|---|---|
| bender | cc612_firmware | 5.11.0 ≤ 𝑥 < 5.11.2 |
| bender | cc612_firmware | 5.12.0 ≤ 𝑥 < 5.12.5 |
| bender | cc612_firmware | 5.13.0 ≤ 𝑥 < 5.13.2 |
| bender | cc612_firmware | 5.20.0 ≤ 𝑥 < 5.20.2 |
| bender | icc15xx_firmware | 5.11.0 ≤ 𝑥 < 5.11.2 |
| bender | icc15xx_firmware | 5.12.0 ≤ 𝑥 < 5.12.5 |
| bender | icc15xx_firmware | 5.13.0 ≤ 𝑥 < 5.13.2 |
| bender | icc15xx_firmware | 5.20.0 ≤ 𝑥 < 5.20.2 |
| bender | icc15xx_firmware | 5.11.0 ≤ 𝑥 < 5.11.2 |
| bender | icc15xx_firmware | 5.12.0 ≤ 𝑥 < 5.12.5 |
| bender | icc15xx_firmware | 5.13.0 ≤ 𝑥 < 5.13.2 |
| bender | icc15xx_firmware | 5.20.0 ≤ 𝑥 < 5.20.2 |
| bender | icc15xx_firmware | 5.11.0 ≤ 𝑥 < 5.11.2 |
| bender | icc15xx_firmware | 5.12.0 ≤ 𝑥 < 5.12.5 |
| bender | icc15xx_firmware | 5.13.0 ≤ 𝑥 < 5.13.2 |
| bender | icc15xx_firmware | 5.20.0 ≤ 𝑥 < 5.20.2 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-259 - Use of Hard-coded PasswordThe software contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.
- CWE-798 - Use of Hard-coded CredentialsThe software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.