Lucene search

[email protected]NVD:CVE-2021-34591

HistoryApr 27, 2022 - 4:15 p.m.

CVE-2021-34591

2022-04-2716:15:11

CWE-250

[email protected]

web.nvd.nist.gov

cve-2021-34591

bender/ebee charge controllers

local privilege escalation

authenticated attacker

suid applications

root access

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

In Bender/ebee Charge Controllers in multiple versions are prone to Local privilege Escalation. An authenticated attacker could get root access via the suid applications socat, ip udhcpc and ifplugd.

Affected configurations

Nvd

Node

bendercc612_firmwareRange5.11.0–5.11.2

bendercc612_firmwareRange5.12.0–5.12.5

bendercc612_firmwareRange5.13.0–5.13.2

bendercc612_firmwareRange5.20.0–5.20.2

AND

bendercc612Match-

Node

bendercc613Match-

AND

bendericc15xx_firmwareRange5.11.0–5.11.2

bendericc15xx_firmwareRange5.12.0–5.12.5

bendericc15xx_firmwareRange5.13.0–5.13.2

bendericc15xx_firmwareRange5.20.0–5.20.2

Node

bendercc613Match-

AND

bendericc15xx_firmwareRange5.11.0–5.11.2

bendericc15xx_firmwareRange5.12.0–5.12.5

bendericc15xx_firmwareRange5.13.0–5.13.2

bendericc15xx_firmwareRange5.20.0–5.20.2

Node

bendercc613Match-

AND

bendericc15xx_firmwareRange5.11.0–5.11.2

bendericc15xx_firmwareRange5.12.0–5.12.5

bendericc15xx_firmwareRange5.13.0–5.13.2

bendericc15xx_firmwareRange5.20.0–5.20.2

VendorProductVersionCPE
bendercc612_firmware*cpe:2.3:o:bender:cc612_firmware:*:*:*:*:*:*:*:*
bendercc612-cpe:2.3:h:bender:cc612:-:*:*:*:*:*:*:*
bendercc613-cpe:2.3:h:bender:cc613:-:*:*:*:*:*:*:*
bendericc15xx_firmware*cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
bender	cc612_firmware	*	cpe:2.3:o:bender:cc612_firmware::::::::
bender	cc612	-	cpe:2.3:h:bender:cc612:-:::::::*
bender	cc613	-	cpe:2.3:h:bender:cc613:-:::::::*
bender	icc15xx_firmware	*	cpe:2.3:o:bender:icc15xx_firmware::::::::

References

cert.vde.com/en/advisories/VDE-2021-047

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2021-34591

cvelist1 prion1 cve1