Hardcoded credentials

2022-04-2716:15:00

PRIOn knowledge base

www.prio-n.com

9.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.4%

JSON

In Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded ssh credentials. An attacker may use the password to gain administrative access to the web-UI.

CPENameOperatorVersion
cc612_firmwarege5.11.0
cc612_firmwarelt5.11.2
cc612_firmwarege5.12.0
cc612_firmwarelt5.12.5
cc612_firmwarege5.13.0
cc612_firmwarelt5.13.2
cc612_firmwarege5.20.0
cc612_firmwarelt5.20.2
icc15xx_firmwarege5.11.0
icc15xx_firmwarelt5.11.2

Name	Operator	Version
cc612_firmware	ge	5.11.0
cc612_firmware	lt	5.11.2
cc612_firmware	ge	5.12.0
cc612_firmware	lt	5.12.5
cc612_firmware	ge	5.13.0
cc612_firmware	lt	5.13.2
cc612_firmware	ge	5.20.0
cc612_firmware	lt	5.20.2
icc15xx_firmware	ge	5.11.0
icc15xx_firmware	lt	5.11.2

Rows per page:

1-10 of 321

References

cert.vde.com/en/advisories/VDE-2021-047