Code injection

2022-04-2716:15:00

PRIOn knowledge base

www.prio-n.com

8.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.5%

JSON

In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot .

CPENameOperatorVersion
cc612_firmwarege5.11.0
cc612_firmwarelt5.11.2
cc612_firmwarege5.12.0
cc612_firmwarelt5.12.5
cc612_firmwarege5.13.0
cc612_firmwarelt5.13.2
cc612_firmwarege5.20.0
cc612_firmwarelt5.20.2
icc15xx_firmwarege5.11.0
icc15xx_firmwarelt5.11.2

Name	Operator	Version
cc612_firmware	ge	5.11.0
cc612_firmware	lt	5.11.2
cc612_firmware	ge	5.12.0
cc612_firmware	lt	5.12.5
cc612_firmware	ge	5.13.0
cc612_firmware	lt	5.13.2
cc612_firmware	ge	5.20.0
cc612_firmware	lt	5.20.2
icc15xx_firmware	ge	5.11.0
icc15xx_firmware	lt	5.11.2

Rows per page:

1-10 of 321

References

cert.vde.com/en/advisories/VDE-2021-047