Description
In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot .
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None
Affected products
- Bender / ebee / CC6125.20.x – 5.20.2
- Bender / ebee / CC6125.11.x – 5.11.2
- Bender / ebee / CC6125.12.x – 5.12.5
- Bender / ebee / CC6125.13.x – 5.13.2
- Bender / ebee / CC6135.20.x – 5.20.2
- Bender / ebee / CC6135.11.x – 5.11.2
- Bender / ebee / CC6135.13.x – 5.13.2
- Bender / ebee / CC6135.12.x – 5.12.5
- Bender / ebee / ICC15xx5.11.x – 5.11.2
- Bender / ebee / ICC15xx5.12.x – 5.12.5
- Bender / ebee / ICC15xx5.13.x – 5.13.2
- Bender / ebee / ICC15xx5.20.x – 5.20.2
- Bender / ebee / ICC16xx5.11.x – 5.11.2
- Bender / ebee / ICC16xx5.12.x – 5.12.5
- Bender / ebee / ICC16xx5.13.x – 5.13.2
- Bender / ebee / ICC16xx5.20.x – 5.20.2
References
- VENDOR_ADVISORYhttps://cert.vde.com/en/advisories/VDE-2021-047