Icc15Xx Firmware
Approved changes feed: RSS · Atom
cpe:2.3:o:bender:icc15xx_firmware:*:*:*:*:*:*:*:*
part: o version: * update: *
| Vendor | Bender (0876ce5f-bacd-5df6-b2fe-92874e03f9c1) |
|---|---|
| Product | Icc15Xx Firmware (59548470-f559-5d4f-8403-76f963a07db9) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2021-34602 |
vulnerable | 2026-06-03 14:44:45.816625 |
Bender Charge Controller: Long URL could lead to webserver crash
HIGH (8.8)
In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields that are executed with root privileges.
Published: 2022-04-27T15:15:34.774Z
Updated: 2024-09-17T01:46:57.289Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-34601 |
vulnerable | 2026-06-03 14:44:45.815971 |
Bender Charge Controller: Hardcoded Credentials in Charge Controller
CRITICAL (9.8)
In Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded ssh credentials. An attacker may use the password to gain administrative access to the web-UI.
Published: 2022-04-27T15:15:33.375Z
Updated: 2024-09-16T19:47:12.796Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-34592 |
vulnerable | 2026-06-03 14:44:45.779398 |
Bender Charge Controller: Command injection via Web interface
HIGH (8.8)
In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields.
Published: 2022-04-27T15:15:31.464Z
Updated: 2024-09-16T22:20:44.822Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-34591 |
vulnerable | 2026-06-03 14:44:45.778755 |
Bender Charge Controller: Local privilege Escalation
HIGH (7.8)
In Bender/ebee Charge Controllers in multiple versions are prone to Local privilege Escalation. An authenticated attacker could get root access via the suid applications socat, ip udhcpc and ifplugd.
Published: 2022-04-27T15:15:30.014Z
Updated: 2024-09-16T20:36:53.897Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-34590 |
vulnerable | 2026-06-03 14:44:45.778103 |
Bender Charge Controller: Cross-site Scripting
MEDIUM (5.4)
In Bender/ebee Charge Controllers in multiple versions are prone to Cross-site Scripting. An authenticated attacker could write HTML Code into configuration values. These values are not properly escaped when displayed.
Published: 2022-04-27T15:15:28.655Z
Updated: 2024-09-16T22:01:39.627Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-34589 |
vulnerable | 2026-06-03 14:44:45.777342 |
Bender Charge Controller: RFID leak
HIGH (7.5)
In Bender/ebee Charge Controllers in multiple versions are prone to an RFID leak. The RFID of the last charge event can be read without authentication via the web interface.
Published: 2022-04-27T15:15:27.151Z
Updated: 2024-09-16T21:08:59.841Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-34588 |
vulnerable | 2026-06-03 14:44:45.774080 |
Bender Charge Controller: Unprotected data export
HIGH (8.6)
In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot .
Published: 2022-04-27T15:15:25.652Z
Updated: 2024-09-16T21:07:21.537Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-34587 |
vulnerable | 2026-06-03 14:44:45.771177 |
Bender Charge Controller: Long URL could lead to webserver crash
MEDIUM (5.3)
In Bender/ebee Charge Controllers in multiple versions a long URL could lead to webserver crash. The URL is used as input of an sprintf to a stack variable.
Published: 2022-04-27T15:15:24.084Z
Updated: 2024-09-17T02:58:12.456Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.