BenderCVEs & Vulnerabilities

9 CVEs affecting Bender products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

icc15xx firmware 8cc613 8cc612 firmware 8cc612 8icc16xx 2cc613 firmware 2icc15xx 2icc16xx firmware 2
CVE-2021-34602HIGH

In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields that are executed with root privileges.

27 Apr 2022
8.8
CVSS
CVE-2021-34601CRITICAL

In Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded ssh credentials. An attacker may use the password to gain administrative access to the web-UI.

27 Apr 2022
9.8
CVSS
CVE-2021-34592HIGH

In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields.

27 Apr 2022
8.8
CVSS
CVE-2021-34591HIGH

In Bender/ebee Charge Controllers in multiple versions are prone to Local privilege Escalation. An authenticated attacker could get root access via the suid applications socat, ip udhcpc and ifplugd.

27 Apr 2022
7.8
CVSS
CVE-2021-34590MEDIUM

In Bender/ebee Charge Controllers in multiple versions are prone to Cross-site Scripting. An authenticated attacker could write HTML Code into configuration values. These values are not properly escaped when displayed.

27 Apr 2022
5.4
CVSS
CVE-2021-34589HIGH

In Bender/ebee Charge Controllers in multiple versions are prone to an RFID leak. The RFID of the last charge event can be read without authentication via the web interface.

27 Apr 2022
7.5
CVSS
CVE-2021-34588HIGH

In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot .

27 Apr 2022
8.6
CVSS
CVE-2021-34587MEDIUM

In Bender/ebee Charge Controllers in multiple versions a long URL could lead to webserver crash. The URL is used as input of an sprintf to a stack variable.

27 Apr 2022
5.3
CVSS
CVE-2019-19885CRITICAL

In Bender COMTRAXX, user authorization is validated for most, but not all, routes in the system. A user with knowledge about the routes can read and write configuration data without prior authorization. This affects COM465IP, COM465DP, COM465ID, CP700, CP907, and CP915 devices before 4.2.0.

16 Oct 2020
9.1
CVSS
← PrevPage 1 / 1Next →