Authentication flaw

2022-04-2716:15:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.5%

JSON

In Bender/ebee Charge Controllers in multiple versions are prone to an RFID leak. The RFID of the last charge event can be read without authentication via the web interface.

CPENameOperatorVersion
cc612_firmwarege5.11.0
cc612_firmwarelt5.11.2
cc612_firmwarege5.12.0
cc612_firmwarelt5.12.5
cc612_firmwarege5.13.0
cc612_firmwarelt5.13.2
cc612_firmwarege5.20.0
cc612_firmwarelt5.20.2
cc613_firmwarege5.11.0
cc613_firmwarelt5.11.2

Name	Operator	Version
cc612_firmware	ge	5.11.0
cc612_firmware	lt	5.11.2
cc612_firmware	ge	5.12.0
cc612_firmware	lt	5.12.5
cc612_firmware	ge	5.13.0
cc612_firmware	lt	5.13.2
cc612_firmware	ge	5.20.0
cc612_firmware	lt	5.20.2
cc613_firmware	ge	5.11.0
cc613_firmware	lt	5.11.2

Rows per page:

1-10 of 321

References

cert.vde.com/en/advisories/VDE-2021-047